Back to search
CVE-2026-0600
Published: Jan 14, 2026
Modified: Jan 15, 2026
PUBLISHED
Description
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.
| Vendor | Product | Versions |
|---|---|---|
Sonatype | Nexus Repository | affected 3.0.0 - < * |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now