CVE-2026-0601

Published: Jan 14, 2026

Modified: Jan 15, 2026

PUBLISHED

Description

A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction.

Vendor	Product	Versions
Sonatype	Nexus Repository	affected `3.82.0 - <= 3.87.1`

Weaknesses (CWE)

CWE-79

References

https://help.sonatype.com/en/sonatype-nexus-repository-3-88-0-release-notes.html

patch

https://support.sonatype.com/hc/en-us/articles/47934334375955

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-0601

Description

Affected Products

Weaknesses (CWE)

References