SSRF Vulnerability in Nexus Repository by Sonatype
CVE-2026-7494
5.3MEDIUM
What is CVE-2026-7494?
Nexus Repository versions prior to 3.94.0 have a Server-Side Request Forgery (SSRF) vulnerability through the SSL Certificate Retrieval endpoint. This flaw permits users with the nexus:ssl-truststore:read permission to trick the server into establishing outbound connections to internal or restricted hosts, potentially exposing sensitive information and creating opportunities for further attacks within the network.
Affected Version(s)
Nexus Repository 3.0.0 < 3.94.0
