SSRF in Sonatype Nexus Repository
CVE-2026-7494
Nexus Repository 3 is vulnerable to Server-Side Request Forgery (SSRF) via the SSL Certificate Retrieval endpoint. A user holding the nexus:ssl-truststore:read permission could cause the server to initiate outbound connections to internal…
Vulnerability class: SSRF (Server-Side Request Forgery)
Affected products
- Sonatype Nexus Repository — versions 3.0.0
Weakness classification (CWE)
References
- 103e4ec9-0a87-450b-af77-479448ddef11 (patch)
- 103e4ec9-0a87-450b-af77-479448ddef11 (vendor-advisory)