QwikSec

Security Database

CVE

CWE

Training

CVE-2026-5189

Published: Apr 15, 2026

Modified: Apr 16, 2026

PUBLISHED

Description

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitation requires the non-default nexus.orient.binaryListenerEnabled=true configuration to be enabled.

Vendor	Product	Versions
Sonatype	Nexus Repository	affected `3.0.0 - < 3.71.0`

Weaknesses (CWE)

References

https://help.sonatype.com/en/sonatype-nexus-repository-3-71-0-release-notes.html

patch

https://support.sonatype.com/hc/en-us/articles/50817138825491

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.