SSRF in Sonatype Nexus Repository 3

CVE-2026-14646

Nexus Repository 3 did not apply its existing Server-Side Request Forgery (SSRF) protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-cont…

Vulnerability class: SSRF (Server-Side Request Forgery)

Affected products

Weakness classification (CWE)

References