CVE-2026-7494
Nexus Repository - SSRF in SSL Certificate Retrieval
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Nexus Repository 3 is vulnerable to Server-Side Request Forgery (SSRF) via the SSL Certificate Retrieval endpoint. A user holding the nexus:ssl-truststore:read permission could cause the server to initiate outbound connections to internal or otherwise restricted network hosts. This issue affects Nexus Repository 3.0.0 through versions prior to 3.94.0.
| CWE | CWE-918 |
| Vendor | sonatype |
| Product | nexus repository |
| Published | Jul 14, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for sonatype nexus repository
Be the first to know when new unknown vulnerabilities affecting sonatype nexus repository are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Sonatype / Nexus Repository
3.0.0 < 3.94.0
References
Credits
Muhamad Burhanudin