JVN#64861120
Sonatype Nexus Repository vulnerable to server-side request forgery
Overview
Nexus Repository provided by Sonatype is vulnerable to server-side request forgery.
Products Affected
- Nexus Repository, 3.0.0 and later versions (both Community Edition and Professional Edition are affected)
Description
Nexus Repository provided by Sonatype contains the following vulnerability.
- Server-side request forgery (CWE-918)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N Base Score 6.2
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N Base Score 7.6
- CVE-2026-0600
Impact
The remote storage URL can be configured to point at a network destination that the product is not expected to reach, such as a cloud metadata service or a host inside the local network.
Solution
Update and Configure the Software Appropriately
Version 3.88.0 introduces an optional URL validation function.
Update the software to version 3.88.0 or later, and configure this URL validation appropriately.
For more information, refer to the information provided by the developer.
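The advisory describes only the existence of the optional URL validation, not how it works. As an added illustration (not Sonatype's code and not a description of the product's validator), the following shows the checks a remote-storage URL validator generally needs to perform before a server-side component is allowed to fetch from an administrator-supplied URL: an allow-list of schemes, no embedded credentials, and rejection of any destination that resolves to loopback, link-local (which covers cloud metadata endpoints), private, or IPv4-mapped addresses. The hostnames and addresses in the constructed resolver are assumed test data; the `resolver` parameter is a hypothetical hook so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Only plain web schemes make sense for a remote repository proxy.
ALLOWED_SCHEMES = {"http", "https"}

# Destinations a server-side fetch should never be pointed at.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("100.64.0.0/10"),   # carrier-grade NAT
    ipaddress.ip_network("127.0.0.0/8"),     # loopback
    ipaddress.ip_network("169.254.0.0/16"),  # link-local, incl. cloud metadata services
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("fc00::/7"),        # IPv6 unique local
    ipaddress.ip_network("fe80::/10"),       # IPv6 link-local
]


def default_resolver(host):
    """Resolve a hostname to all of its addresses using the system resolver."""
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


def validate_remote_url(url, resolver=default_resolver):
    """Return (ok, reason). ok is True only if every resolved address is acceptable.

    The check is done on the *resolved* addresses, not the hostname string,
    because a public-looking name can resolve to an internal address.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials embedded in URL are not allowed"

    # Literal IP in the URL: check it directly; otherwise resolve the name.
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (OSError, ValueError) as exc:
            return False, f"cannot resolve {host!r}: {exc}"
        if not addrs:
            return False, f"no addresses for {host!r}"

    for addr in addrs:
        if addr.is_multicast or addr.is_unspecified or addr.is_reserved:
            return False, f"{host} resolves to non-unicast/reserved address {addr}"
        # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) must be judged as its IPv4 form too.
        candidates = [addr]
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
            candidates.append(addr.ipv4_mapped)
        for candidate in candidates:
            for net in BLOCKED_NETWORKS:
                if candidate in net:
                    return False, f"{host} resolves to {candidate} in blocked range {net}"
    return True, "ok"


# Constructed DNS data for offline demonstration (not real hosts).
FAKE_DNS = {
    "repo.example.com": ["203.0.113.10"],        # public (TEST-NET-3) address
    "internal.example.com": ["10.0.0.5"],        # name that resolves into a private range
    "metadata.example.com": ["169.254.169.254"], # name that resolves to link-local
}


def fake_resolver(host):
    """Stand-in for default_resolver so the example runs without network access."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed resolver has no entry for {host!r}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for candidate_url in [
        "https://repo.example.com/maven2/",
        "https://internal.example.com/",
        "https://metadata.example.com/",
        "http://[::ffff:127.0.0.1]/",
        "file:///srv/repo",
    ]:
        print(candidate_url, "->", validate_remote_url(candidate_url, fake_resolver))
```

Two caveats apply to any validator of this shape. First, a name checked at configuration time can resolve differently at fetch time, so the same check belongs in the HTTP client at connection time (or the client should connect only to addresses the validator approved). Second, an approved host can redirect to an internal address, so redirects must be re-validated rather than followed automatically.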
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | CVE-2026-0600 |
| JVN iPedia | JVNDB-2026-000015 |