216.73.216.86

CVE-2026-0600

· Published 14/01/2026 23:15 · Modified 14/01/2026 23:15

Labels: CVE-2026-0600 103e4ec9-0a87-450b-af77-479448ddef112026-01-14CVE-2026-0600CWE-918

Essential information

Published
14/01/2026 23:15
Modified
14/01/2026 23:15
Author
Creator
CVSS
6.2 MEDIUM (v3) 6.2 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
103e4ec9-0a87-450b-af77-479448ddef11
NVD
View on NVD

Affected products (CPE)

ProductCPE
sonatype / nexus repository cpe:2.3:a:sonatype:nexus_repository:3.0.0-*:*:*:*:*:*:*
sonatype / nexus repository cpe:2.3:a:sonatype:nexus_repository:3.88.0:*:*:*:*:*:*:*

References