Sonatype Nexus Repository 3
3 CVEs affecting Sonatype Nexus Repository 3. Latest disclosed: 2026-07-14. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-14646 | | 2026-07-14 | Nexus Repository 3 did not apply its existing Server-Side Request Forgery (SSRF) protections to HTTP redirect targets returned by proxy repository upstream ser… | |
CVE-2026-14645 | | 2026-07-14 | Nexus Repository 3 does not validate the destination of the "Webhook: Global" capability's configured URL before making an outbound HTTP request, allowing a us… | |
CVE-2026-14504 | | 2026-07-14 | An authorization bypass in Nexus Repository 3's component upload API allowed a user with only read/browse privileges on a Swift, Terraform, or Conda hosted rep… |