CVE-2026-0600

Summary

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.

Affected Software

VendorProductVersion RangeStatus
SonatypeNexus Repository3.0.0 < *affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

Workarounds

Starting in version 3.88.0, administrators can configure the private network validation setting to block proxy repositories from accessing private network destinations. Cloud metadata endpoints (169.254.169.254) are always blocked regardless of configuration. See the security documentation at https://help.sonatype.com/en/securing-nexus-repository-manager.html for detailed configuration steps.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References