Back to CVE List

CVE-2026-7494

Vulnerability Description

Nexus Repository 3 is vulnerable to Server-Side Request Forgery (SSRF) via the SSL Certificate Retrieval endpoint. A user holding the nexus:ssl-truststore:read permission could cause the server to initiate outbound connections to internal or otherwise restricted network hosts. This issue affects Nexus Repository 3.0.0 through versions prior to 3.94.0.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-918
Source
NVD

External References

Discussion (0)

Add Comment

No comments yet. Be the first!