Critical severity · NVD Advisory · Published Apr 15, 2026 · Updated Apr 17, 2026
CVE-2026-5189
Description
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitation requires the non-default nexus.orient.binaryListenerEnabled=true configuration to be enabled.
Affected products
- Range: >=3.0.0 <=3.70.5