QSearchQSearch

CVE-2026-10748

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating s...

Published: 2026-06-16 · Last updated: 2026-06-16

Severity and scoring

CWE
CWE-502

Description

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-48775 LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite) (6.8 MEDIUM)
  • CVE-2026-24228 NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data (7.8 HIGH)
  • CVE-2026-48853 Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unau...
  • CVE-2026-9691 Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions (9.8 CRITICAL)
  • CVE-2026-49781 Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions (9.8 CRITICAL)