Skip to main content

Sonatype Nexus Repository CVE-2026-0600

Server-Side Request Forgery (SSRF) (CWE-918)
2026-01-14 103e4ec9-0a87-450b-af77-479448ddef11

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 14, 2026 - 23:15 nvd
N/A

DescriptionCVE.org

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.

AnalysisAI

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources.

Technical ContextAI

Classified as CWE-918 (Server-Side Request Forgery (SSRF)). Affects Sonatype Nexus Repository 3. Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.

Affected ProductsAI

Product: Sonatype Nexus Repository 3.

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-0600 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy