Sonatype Nexus Repository 3

3 CVEs affecting Sonatype Nexus Repository 3. Latest disclosed: 2026-07-14. Critical: 0, High: 0.

Top CVEs affecting Sonatype Nexus Repository 3
CVESeverityScorePublishedSummary
CVE-2026-146462026-07-14Nexus Repository 3 did not apply its existing Server-Side Request Forgery (SSRF) protections to HTTP redirect targets returned by proxy repository upstream ser…
CVE-2026-146452026-07-14Nexus Repository 3 does not validate the destination of the "Webhook: Global" capability's configured URL before making an outbound HTTP request, allowing a us…
CVE-2026-145042026-07-14An authorization bypass in Nexus Repository 3's component upload API allowed a user with only read/browse privileges on a Swift, Terraform, or Conda hosted rep…