Description

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitation requires the non-default configuration nexus.orient.binaryListenerEnabled=true.

INFO

Published Date: 2026-04-15T18:43:32.166Z

Last Modified: 2026-04-16T10:01:24.305Z

Source: Sonatype

AFFECTED PRODUCTS

The following products are affected by the CVE-2026-5189 vulnerability.

Vendor: Sonatype
Product: Nexus Repository Manager