Vulnerability Description
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-0600?
CVE-2026-0600 is a documented vulnerability. Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access u...
How severe is CVE-2026-0600?
CVSS scoring is not yet available for CVE-2026-0600. Check NVD for updates.
Is there a patch for CVE-2026-0600?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.