CVE-2026-14646
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-14646, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Sonatype

Description

Nexus Repository 3 did not apply its existing Server-Side Request Forgery (SSRF) protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-controlled or compromised upstream server β€” including an anonymous user, if anonymous access is enabled β€” could receive a response from an internal network address or cloud metadata endpoint as repository content, potentially exposing sensitive information such as cloud IAM credentials.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sonatype nexus_repository 3

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-14646 is a Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 through 3.93.x. The vulnerability occurs because Nexus Repository does not apply its existing SSRF protections to HTTP redirect targets returned by proxy repository upstream servers.

An attacker with read access to a proxy repositoryβ€”including anonymous users if anonymous access is enabledβ€”can exploit this flaw. The attacker could force the repository to make requests to internal network addresses or cloud metadata endpoints, potentially exposing sensitive information such as cloud IAM credentials.

Impact Analysis

This vulnerability can impact you in several ways:

  • Exposure of sensitive internal network information, such as internal IP addresses or services.
  • Potential leakage of cloud IAM credentials if your Nexus Repository is hosted in a cloud environment, which could lead to unauthorized access to cloud resources.
  • Compromise of internal systems if an attacker uses the exposed information to further exploit other vulnerabilities.

The impact is particularly severe if anonymous access is enabled or if proxy repositories are configured to use untrusted or compromised upstream servers.

Compliance Impact

This vulnerability can affect compliance with common standards and regulations in the following ways:

  • GDPR: If the exposed information includes personal data of EU citizens, this could constitute a data breach under GDPR, leading to potential fines and mandatory reporting requirements.
  • HIPAA: If the exposed information includes protected health information (PHI), this could violate HIPAA regulations, resulting in penalties and required remediation efforts.
  • Other standards (e.g., ISO 27001, SOC 2): The exposure of sensitive information or credentials could indicate a failure to implement adequate security controls, potentially leading to non-compliance with these frameworks.

Organizations should assess whether the vulnerability led to unauthorized access or exposure of regulated data and take appropriate steps to mitigate risks and report incidents as required by applicable laws.

Detection Guidance

Detecting this vulnerability requires checking if your Nexus Repository 3 instance is exposed to untrusted or misconfigured proxy repository upstream servers. Since the vulnerability involves SSRF via HTTP redirects, you can perform the following steps:

  • Review proxy repository configurations in Nexus Repository 3 to identify any upstream servers that may return HTTP redirects. Focus on repositories where anonymous or broad read access is enabled.
  • Check Nexus Repository logs for unusual outbound requests to internal or cloud metadata endpoints. Look for requests to addresses like 169.254.169.254 (AWS metadata endpoint) or similar cloud provider endpoints.
  • Use network monitoring tools to inspect traffic from the Nexus Repository server. Look for unexpected HTTP requests to internal IP ranges or cloud metadata services.
  • Verify the Nexus Repository version. If it is between 3.0.0 and 3.93.x, it is vulnerable. You can check the version via the Nexus Repository admin interface or by inspecting the version file in the installation directory.

There are no specific commands provided in the context to detect this vulnerability directly. However, you can use general network monitoring commands like tcpdump or Wireshark to inspect outbound traffic from the Nexus Repository server:

  • tcpdump -i <interface> host <nexus-server-ip> and not port 22 -w nexus_traffic.pcap (Replace <interface> and <nexus-server-ip> with appropriate values.)
  • Analyze the captured traffic for requests to internal or cloud metadata endpoints.
Mitigation Strategies
  • Upgrade to Nexus Repository 3 version 3.94.0 or later, as this version includes the fix for CVE-2026-14646.
  • Restrict proxy repository upstream configurations to trusted hosts only. Avoid using upstream servers that may return HTTP redirects to untrusted or internal addresses.
  • Disable anonymous access to proxy repositories if it is not required. Limit read access to trusted users only.
  • If your Nexus Repository instance is deployed in a cloud environment, rotate any exposed instance or IAM credentials as a precautionary measure.
  • Monitor Nexus Repository logs and network traffic for any signs of exploitation, such as requests to internal or cloud metadata endpoints.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14646. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart