XSS in Sonatype Nexus Repository

CVE-2026-3438

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (58.3th percentile) — read the EPSS interpretation.