CVE-2026-14504 in Nexus Repositoryinformación

Resumen

por MITRE • 2026-07-14

An authorization bypass in Nexus Repository 3's component upload API allowed a user with only read/browse privileges on a Swift, Terraform, or Conda hosted repository to upload arbitrary artifacts, bypassing the intended write-permission check.

Once again VulDB remains the best source for vulnerability data.

Responsable

Sonatype

Reservar

2026-07-02

Divulgación

2026-07-14

Moderación

aceptado

Artículo

VDB-378355

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Do you know our Splunk app?

Download it now for free!