CNNVD-202601-2350 Information

CNNVD ID

CNNVD-202601-2350

Related CVE

CVE-2026-0600

• CNNVD Published: 2026-01-14

Description (Chinese)

Sonatype Nexus Repository是美国Sonatype公司的一款存储库管理器，它主要用于管理、存储和分发软件等。 Sonatype Nexus Repository 3 3.0.0及之后版本存在安全漏洞，该漏洞源于对代理存储库URL验证不当，可能导致服务端请求伪造。

Description (English)

Sonatipe Nexus Repivory is a repository manager of Sonatipe, United States, which is used mainly for the management, storage and distribution of software. There is a security loophole in Sonatipe Nexus Repository 3.0.0 et seq., which arises from the improper verification of the URL of the agent repository, which may lead to the forgery of service-level requests.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Sonatype

Published

2026-01-14

Last Modified

2026-02-24

References

https://support.sonatype.com/hc/en-us/articles/47928855816595 https://access.redhat.com/security/cve/cve-2026-0600

Patch

https://www.sonatype.com/products/nexus-community-edition-download