PT-2026-2966 · Sonatype · Sonatype Nexus Repository
Kazuma Matsumoto · Published 2026-01-14 · Updated 2026-01-15 · CVE-2026-0600
CVSS v4.0: 6.2 Medium
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository versions 3.0.0 and later

Description: A Server-Side Request Forgery (SSRF) issue exists in Sonatype Nexus Repository. Authenticated administrators can configure proxy repositories with URLs that may access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.

Recommendations: Versions prior to 3.88.0 are vulnerable. Apply the workaround configuration available in version 3.88.0.
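
For auditing existing proxy repositories against the destinations named in the description, the following is an added example, not Sonatype code and not the 3.88.0 workaround configuration. It assumes the proxy inventory has already been exported as (name, remote URL) pairs; the function names, the hostname list and the sample inventory are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hostnames treated as internal without resolving them.
INTERNAL_NAMES = {"localhost", "metadata.google.internal"}

def classify_remote_url(url):
    """Return why a proxy remote URL points at an internal destination, or None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "non-HTTP scheme"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "missing host"
    if host in INTERNAL_NAMES:
        return "internal hostname"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # ordinary DNS name: the resolved address still needs checking
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its embedded IPv4 address
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local (cloud metadata range)"
    if ip.is_private or ip.is_unspecified:
        return "private or reserved range"
    return None

def audit(repos):
    """Map repository name -> reason for every flagged (name, remote_url) pair."""
    return {name: why for name, url in repos if (why := classify_remote_url(url))}

# Constructed sample inventory, not taken from any real instance.
SAMPLE_REPOS = [
    ("maven-central", "https://repo1.maven.org/maven2/"),
    ("npm-mirror", "http://10.20.30.40:8081/repository/npm/"),
    ("pypi-alt", "http://169.254.169.254/latest/meta-data/"),
    ("docker-v6", "http://[::ffff:169.254.169.254]/"),
    ("raw-local", "http://localhost:9000/"),
]

if __name__ == "__main__":
    for name, why in audit(SAMPLE_REPOS).items():
        print(f"{name}: {why}")
```

A DNS name that passes this check can still resolve to an internal address, so the same classification should be applied to the resolved address, and egress filtering on the Nexus host remains the stronger control.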

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2026-0600

Affected Products: Nexus Repository Manager, Sonatype Nexus Repository