CVE-2026-14645: CWE-918 Server-Side Request Forgery (SSRF) in Sonatype Nexus Repository 3
CVE-2026-14645 is a Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 version 3.0.0. The vulnerability arises because the product does not validate the destination URL configured for the "Webhook: Global" capability before making outbound HTTP requests. A user with Capability Administration permission can exploit this to make the server send requests to internal network locations. Since this permission can be assigned to roles independent of authentication, an unauthenticated user might also trigger this behavior if the anonymous role has this permission.
AI Analysis
Technical Summary
Sonatype Nexus Repository 3 version 3.0.0 contains an SSRF vulnerability (CWE-918) where the "Webhook: Global" capability's configured URL is not validated before the server issues outbound HTTP requests. This allows users with Capability Administration permission, which can be assigned via roles and may include unauthenticated users if the anonymous role has the permission, to cause the server to send requests to internal network locations. This could potentially be used to access or interact with internal resources that are otherwise inaccessible externally.
Potential Impact
An attacker with Capability Administration permission can induce the Nexus Repository server to send arbitrary HTTP requests to internal network locations, potentially accessing or interacting with internal services. Because the permission can be granted to unauthenticated users via role assignment, the vulnerability could be exploited without authentication if the anonymous role is misconfigured. The CVSS 4.0 base score is 5.1 (medium severity), reflecting network attack vector, low complexity, no user interaction, and limited impact on integrity and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, review and restrict the assignment of the Capability Administration permission, especially ensuring that the anonymous role does not have this permission. Limit exposure by validating and controlling webhook URLs configured in the system to prevent SSRF exploitation.
CVE-2026-14645: CWE-918 Server-Side Request Forgery (SSRF) in Sonatype Nexus Repository 3
Description
CVE-2026-14645 is a Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 version 3.0.0. The vulnerability arises because the product does not validate the destination URL configured for the "Webhook: Global" capability before making outbound HTTP requests. A user with Capability Administration permission can exploit this to make the server send requests to internal network locations. Since this permission can be assigned to roles independent of authentication, an unauthenticated user might also trigger this behavior if the anonymous role has this permission.
CVSS v4.0
Score 5.1medium
Affected software
pkg:maven/sonatype/nexus_repository_managercpe:2.3:a:sonatype:nexus_repository_manager:3.0.0:*:*:*:*:*:*:*cpe:2.3:a:sonatype:nexus_repository_manager:3.0.1:*:*:*:*:*:*:*cpe:2.3:a:sonatype:nexus_repository_manager:3.0.2:*:*:*:*:*:*:*cpe:2.3:a:sonatype:nexus_repository_manager:3.1.0:*:*:*:*:*:*:*cpe:2.3:a:sonatype:nexus_repository_manager:3.2.0:*:*:*:*:*:*:*cpe:2.3:a:sonatype:nexus_repository_manager:3.2.1:*:*:*:*:*:*:*Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Sonatype Nexus Repository 3 version 3.0.0 contains an SSRF vulnerability (CWE-918) where the "Webhook: Global" capability's configured URL is not validated before the server issues outbound HTTP requests. This allows users with Capability Administration permission, which can be assigned via roles and may include unauthenticated users if the anonymous role has the permission, to cause the server to send requests to internal network locations. This could potentially be used to access or interact with internal resources that are otherwise inaccessible externally.
Potential Impact
An attacker with Capability Administration permission can induce the Nexus Repository server to send arbitrary HTTP requests to internal network locations, potentially accessing or interacting with internal services. Because the permission can be granted to unauthenticated users via role assignment, the vulnerability could be exploited without authentication if the anonymous role is misconfigured. The CVSS 4.0 base score is 5.1 (medium severity), reflecting network attack vector, low complexity, no user interaction, and limited impact on integrity and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, review and restrict the assignment of the Capability Administration permission, especially ensuring that the anonymous role does not have this permission. Limit exposure by validating and controlling webhook URLs configured in the system to prevent SSRF exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Sonatype
- Date Reserved
- 2026-07-03T17:56:11.243Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a56684668715ace43dcfe6d
Added to database: 07/14/2026, 16:48:06 UTC
Last enriched: 07/14/2026, 17:03:22 UTC
Last updated: 07/14/2026, 21:43:41 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.