NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-3199

Summary	A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.
Publication Date	April 9, 2026, 8:16 a.m.
Registration Date	April 15, 2026, 11:33 a.m.
Last Update	April 14, 2026, 12:02 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://help.sonatype.com/en/sonatype-nexus-repository-3-91-0-release-notes.html	103e4ec9-0a87-450b-af77-479448ddef11
2	https://support.sonatype.com/hc/en-us/articles/50615414548499	103e4ec9-0a87-450b-af77-479448ddef11

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-502	信頼性のないデータのデシリアライゼーション	https://cwe.mitre.org/data/definitions/502.html