SSRF in Sonatype Nexus Repository 3

CVE-2026-14645

Nexus Repository 3 does not validate the destination of the "Webhook: Global" capability's configured URL before making an outbound HTTP request, allowing a user holding the Capability Administration permission to cause the server to send…

Vulnerability class: SSRF (Server-Side Request Forgery)

Affected products

Weakness classification (CWE)

References