VYPR
High severity · NVD Advisory · Published Jun 16, 2026 · Updated Jun 16, 2026

CVE-2026-10748

Description

Authenticated users with nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary OS commands as the Nexus process user in Sonatype Nexus Repository before 3.92.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A command injection vulnerability exists in the license file upload functionality of Sonatype Nexus Repository. An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file that, when processed, executes arbitrary operating system commands as the Nexus process user. This affects Sonatype Nexus Repository versions prior to 3.92.0 [1].

Exploitation

An attacker must have a valid account with the nx-licensing-create privilege. The attacker crafts a malicious license file and uploads it via the licensing interface. The file is then processed by the Nexus application, leading to the execution of arbitrary commands. No additional user interaction is required beyond the upload step.

Impact

Successful exploitation allows an attacker to execute arbitrary operating system commands with the privileges of the Nexus process user. This can result in full compromise of the Nexus Repository instance, including unauthorized access to stored artifacts, credentials, and the ability to disrupt service or pivot to other systems.

Mitigation

The vulnerability is fixed in Sonatype Nexus Repository version 3.92.0 and later [1]. Users should upgrade to at least version 3.92.0 immediately. If an upgrade is not feasible, restrict the nx-licensing-create privilege to only trusted users and monitor for any suspicious license upload activity.
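As an added example for the mitigation advice above (it is not code from the advisory or from Sonatype), this script lists which users effectively hold nx-licensing-create, following nested roles and the nx-all wildcard. It assumes the JSON shapes of the Nexus 3 endpoints /service/rest/v1/security/roles and /service/rest/v1/security/users and feeds them constructed sample records so it runs offline.

```python
import json

TARGET_PRIVILEGE = "nx-licensing-create"
WILDCARD = "nx-all"  # built-in privilege that implies every other one

# Constructed sample records modelled on the Nexus 3 security REST API shapes
# (assumption: /service/rest/v1/security/roles and .../security/users).
ROLES_JSON = json.dumps([
    {"id": "nx-admin", "privileges": ["nx-all"], "roles": []},
    {"id": "license-ops", "privileges": ["nx-licensing-create", "nx-licensing-read"], "roles": []},
    {"id": "release-mgr", "privileges": ["nx-repository-view-*-*-read"], "roles": ["license-ops"]},
    {"id": "developer", "privileges": ["nx-repository-view-*-*-read"], "roles": []},
])
USERS_JSON = json.dumps([
    {"userId": "admin", "status": "active", "roles": ["nx-admin"], "externalRoles": []},
    {"userId": "alice", "status": "active", "roles": ["release-mgr"], "externalRoles": []},
    {"userId": "bob", "status": "active", "roles": ["developer"], "externalRoles": []},
    {"userId": "svc-build", "status": "disabled", "roles": [], "externalRoles": ["license-ops"]},
])


def effective_privileges(role_id, roles_by_id, seen=None):
    """Privileges granted by a role, following nested roles; cycle-safe."""
    seen = set() if seen is None else seen
    if role_id in seen or role_id not in roles_by_id:
        return set()  # unknown role ids (e.g. stale external mappings) grant nothing
    seen.add(role_id)
    role = roles_by_id[role_id]
    privs = set(role.get("privileges", []))
    for child in role.get("roles", []):
        privs |= effective_privileges(child, roles_by_id, seen)
    return privs


def privilege_holders(roles, users, privilege=TARGET_PRIVILEGE):
    """userId -> (status, assigned roles) for users who effectively hold `privilege`."""
    roles_by_id = {r["id"]: r for r in roles}
    holders = {}
    for user in users:
        assigned = user.get("roles", []) + user.get("externalRoles", [])
        privs = set()
        for rid in assigned:
            privs |= effective_privileges(rid, roles_by_id)
        if privilege in privs or WILDCARD in privs:
            holders[user["userId"]] = (user.get("status", "?"), sorted(assigned))
    return holders


def audit(roles_json=ROLES_JSON, users_json=USERS_JSON):
    """Parse the two API responses and return the holders map."""
    return privilege_holders(json.loads(roles_json), json.loads(users_json))


if __name__ == "__main__":
    for user_id, (status, assigned) in sorted(audit().items()):
        print(f"{user_id:10} {status:9} via {', '.join(assigned)}")  # review disabled accounts too
```

Accounts that still appear after the privilege has been trimmed, including disabled ones, are the ones to review against the advisory's "trusted users only" guidance.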

AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE: the mechanics section is only generated when we can read the actual fix diff. Without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 2

News mentions: 0

No linked articles in our index yet.