Nexus Repository 3 - Server-Side Request Forgery (SSRF) via Webhook: Global Capability
Summary
| CVE | CVE-2026-14645 |
|---|---|
| State | PUBLISHED |
| Assigner | Sonatype |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-14 17:16:44 UTC |
| Updated | 2026-07-14 17:16:44 UTC |
| Description | Nexus Repository 3 does not validate the destination of the "Webhook: Global" capability's configured URL before making an outbound HTTP request, allowing a user holding the Capability Administration permission to cause the server to send requests to internal network locations (Server-Side Request Forgery). This permission is granted by role assignment, independent of authentication status, so an unauthenticated user could also trigger this behavior if the anonymous role has been granted the permission. |
Risk And Classification
Primary CVSS: v4.0 5.1 MEDIUM from 103e4ec9-0a87-450b-af77-479448ddef11
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Problem Types: CWE-918 | CWE-918 CWE-918 Server-Side Request Forgery (SSRF)
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | 103e4ec9-0a87-450b-af77-479448ddef11 | Secondary | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N |
CVSS v4.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowAttack Requirements
NonePrivileges Required
HighUser Interaction
NoneConfidentiality
NoneIntegrity
LowAvailability
NoneSub Conf.
LowSub Integrity
LowSub Availability
NoneCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Sonatype | Nexus Repository 3 | affected 3.0.0 3.94.0 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.sonatype.com/hc/en-us/articles/53158843564179 | 103e4ec9-0a87-450b-af77-479448ddef11 | support.sonatype.com | |
| help.sonatype.com/en/sonatype-nexus-repository-3-94-0-release-notes.html | 103e4ec9-0a87-450b-af77-479448ddef11 | help.sonatype.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Ky0toFu (en)
There are currently no legacy QID mappings associated with this CVE.