SSRF in Sonatype Nexus Repository 3
CVE-2026-14645
Nexus Repository 3 does not validate the destination of the "Webhook: Global" capability's configured URL before making an outbound HTTP request, allowing a user holding the Capability Administration permission to cause the server to send…
Vulnerability class: SSRF (Server-Side Request Forgery)
Affected products
- Sonatype Nexus Repository 3 — versions 3.0.0
Weakness classification (CWE)
References
- 103e4ec9-0a87-450b-af77-479448ddef11 (patch)
- 103e4ec9-0a87-450b-af77-479448ddef11 (vendor-advisory)