SSRF Vulnerability in Nexus Repository by Sonatype
CVE-2026-7494

5.3MEDIUM

Key Information:

Vendor

Sonatype

Vendor
CVE Published:
14 July 2026

What is CVE-2026-7494?

Nexus Repository versions prior to 3.94.0 have a Server-Side Request Forgery (SSRF) vulnerability through the SSL Certificate Retrieval endpoint. This flaw permits users with the nexus:ssl-truststore:read permission to trick the server into establishing outbound connections to internal or restricted hosts, potentially exposing sensitive information and creating opportunities for further attacks within the network.

Affected Version(s)

Nexus Repository 3.0.0 < 3.94.0

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muhamad Burhanudin
.