CVE-2026-3048

Vulnerability Description

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server.

Related Weaknesses (CWE)

CWE-918 CWE-502

References

https://help.sonatype.com/en/sonatype-nexus-repository-3-92-0-release-notes.html
https://support.sonatype.com/hc/en-us/articles/51591695462675

FAQ

What is CVE-2026-3048?

CVE-2026-3048 is a documented vulnerability. An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections w...

How severe is CVE-2026-3048?

CVSS scoring is not yet available for CVE-2026-3048. Check NVD for updates.

Is there a patch for CVE-2026-3048?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.