Server-Side Connection Vulnerability in Sonatype Nexus Repository Manager
CVE-2026-3048

5.1 MEDIUM

Key Information:

Vendor: Sonatype

CVE Published: 11 May 2026

What is CVE-2026-3048?

In Sonatype Nexus Repository Manager versions 3.0.0 to 3.91.1, an authenticated administrator can configure or test LDAP connectivity. When that configuration or test points at a malicious LDAP server, the Nexus server may initiate unintended server-side connections. This may lead to unauthorized access or data exposure, so users should ensure they are running the latest protected version.

Affected Version(s)

Nexus Repository 3.0.0 < 3.92.0

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Icare (@Icare1337)