- CVE ID
- CVE-2026-11403
- CWE
- N/A
- CVE Description
- Nexus Repository Manager - Insufficient Entropy in Format-Specific API Key Generation
- Published
- Jul 8, 2026
- CVSS Score & Severity
8.7High
- CVSS Vector
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
- EPSS Score
- 0%
- KEV Status
Not in KEV Catalog: No known exploits
- Vulnerable Methods
org/sonatype/nexus/internal/security/apikey/DefaultApiKeyFactory.makeApiKey(Lorg/apache/shiro/subject/PrincipalCollection;)[CJVM
- Source
- National Vulnerability Database