๐Ÿ” CVE Alert

CVE-2026-7494

UNKNOWN 0.0

Nexus Repository - SSRF in SSL Certificate Retrieval

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Nexus Repository 3 is vulnerable to Server-Side Request Forgery (SSRF) via the SSL Certificate Retrieval endpoint. A user holding the nexus:ssl-truststore:read permission could cause the server to initiate outbound connections to internal or otherwise restricted network hosts. This issue affects Nexus Repository 3.0.0 through versions prior to 3.94.0.

CWE CWE-918
Vendor sonatype
Product nexus repository
Published Jul 14, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for sonatype nexus repository

Be the first to know when new unknown vulnerabilities affecting sonatype nexus repository are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Sonatype / Nexus Repository
3.0.0 < 3.94.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
help.sonatype.com: https://help.sonatype.com/en/sonatype-nexus-repository-3-94-0-release-notes.html support.sonatype.com: https://support.sonatype.com/hc/en-us/articles/53126069518227

Credits

Muhamad Burhanudin