CVE-2019-16530
Description
Sonatype Nexus Repository Manager and IQ Server versions prior to specific patches allow remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Overview
CVE-2019-16530 is a remote code execution vulnerability affecting Sonatype Nexus Repository Manager 2.x before 2.14.15, 3.x before 3.19, and IQ Server before version 72 [1]. The exact root cause is not publicly detailed, but the flaw permits an attacker to execute arbitrary code on the affected system.
Exploitation
An attacker with network access to the vulnerable service may exploit this vulnerability. The attack surface likely involves the management interface or API endpoints. Authentication requirements are not specified in the available advisory, but many deployments expose these services internally or externally, increasing the risk of exploitation.
Impact
Successful exploitation grants the attacker the ability to run arbitrary commands on the server. This could lead to full compromise of the repository manager, exfiltration of sensitive data, or lateral movement within the network.
Mitigation
Sonatype has released patches in Nexus Repository Manager 2.14.15, 3.19, and IQ Server 72 [1]. Users should upgrade to these or later versions immediately. No workarounds are documented.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.sonatype.nexus:nexus-repository (Maven) | >= 2.0.0, < 2.14.15 | 2.14.15 |
| org.sonatype.nexus:nexus-repository (Maven) | >= 3.0.0, < 3.19.0 | 3.19.0 |
Affected products
- Sonatype/Nexus Repository Manager
References
- github.com/advisories/GHSA-hmjv-px3j-933c (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-16530 (ghsa, ADVISORY)
- issues.sonatype.org/secure/ReleaseNote.jspa (ghsa, x_refsource_MISC, WEB)
- support.sonatype.com/hc/en-us/articles/360036132453 (ghsa, x_refsource_CONFIRM, WEB)