Question 1

What is CVE-2026-10748 — CVE-2026-10748?

Accepted Answer

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.

Question 2

What is the authoritative source for CVE-2026-10748?

Accepted Answer

CVE-2026-10748 (CVE-2026-10748) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

EPSS	0.30% probability of exploitation · percentile 21.1% · 2026-06-18T12:00:27Z
Last modified	2026-06-16

CVE-2026-10748CVE-2026-10748

Description

Scoring