#VU121281 Server-Side Request Forgery (SSRF) in Nexus Repository Manager - CVE-2026-0600

 


Published: January 13, 2026


Vulnerability identifier: #VU121281
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-0600
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Nexus Repository Manager
Software vendor: Sonatype Inc.

Description

The disclosed vulnerability allows a remote user to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input. A remote administrator can configure a proxy repository with a remote storage URL that, when accessed by users, allows the server to make requests to unintended network destinations including cloud metadata services and internal networks.
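As a defensive check for the condition described above, the following added example (not part of the advisory and not Sonatype code) audits an inventory of repository definitions and flags proxy repositories whose remote URL points at a loopback, link-local (cloud metadata), private or internal-looking destination. The record layout and the field names `name`, `type` and `remoteUrl` are assumptions, and the sample data is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample inventory, not real data; field names are assumptions.
SAMPLE_REPOS = [
    {"name": "maven-central", "type": "proxy", "remoteUrl": "https://repo1.maven.org/maven2/"},
    {"name": "meta", "type": "proxy", "remoteUrl": "http://169.254.169.254/latest/"},
    {"name": "intranet", "type": "proxy", "remoteUrl": "http://10.20.0.5:8080/repo/"},
    {"name": "loop6", "type": "proxy", "remoteUrl": "http://[::1]:8081/"},
    {"name": "decimal", "type": "proxy", "remoteUrl": "http://2130706433/"},
    {"name": "named", "type": "proxy", "remoteUrl": "http://build.corp.internal/"},
    {"name": "releases", "type": "hosted", "remoteUrl": None},
]
# Checked in order: the first matching address property gives the label.
CHECKS = [("is_loopback", "loopback"), ("is_link_local", "link-local"),
          ("is_private", "private"), ("is_reserved", "reserved")]
INTERNAL_SUFFIXES = (".internal", ".local", ".localhost")

def classify_host(host):
    """Return a risk label for a URL host, or None if it looks public."""
    if not host:
        return "no-host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        try:
            ip = ipaddress.ip_address(int(host, 0))  # integer-form IPv4, e.g. 2130706433
        except ValueError:
            internal = host == "localhost" or host.endswith(INTERNAL_SUFFIXES)
            return "internal-name" if internal else None
    ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
    for attr, label in CHECKS:
        if getattr(ip, attr):
            return label
    return None

def audit(repos):
    """Return (name, label) for every proxy repository with a risky remote URL."""
    findings = []
    for repo in repos:
        if repo.get("type") != "proxy":
            continue
        parts = urlsplit(repo.get("remoteUrl") or "")
        label = classify_host(parts.hostname) if parts.scheme in ("http", "https") else "bad-scheme"
        if label:
            findings.append((repo["name"], label))
    return findings

if __name__ == "__main__":
    for name, label in audit(SAMPLE_REPOS):
        print(f"{name}: {label}")
```

This check inspects only the literal host in the URL; a public-looking name that resolves to an internal address is not caught here, so pair it with egress filtering applied at connection time.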



Remediation

Install updates from the vendor's website.
