CRITICALCVE-2026-3199Published 2026-04-08Modified 2026-04-09CNA Sonatype

CVE-2026-3199: Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.

CVSS v4.0: 9.4
Severity: CRITICAL
Fixed in: 3.91.0
Affected Products: 1

Fix available

3.91.0

Patch commits

help.sonatype.com

Affected packages

Sonatype / Nexus Repository
< 3.91.0 (from 3.22.1)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L

References

help.sonatype.com
support.sonatype.com

Metrics

Fix available