2 matches found
CVE-2026-14645
Nexus Repository 3 does not validate the destination of the "Webhook: Global" capability's configured URL before making an outbound HTTP request, allowing a user holding the Capability Administration permission to cause the server to send requests to internal network locations Server-Side Request...
CVE-2026-14645 Nexus Repository 3 - Server-Side Request Forgery (SSRF) via Webhook: Global Capability
Nexus Repository 3 does not validate the destination of the "Webhook: Global" capability's configured URL before making an outbound HTTP request, allowing a user holding the Capability Administration permission to cause the server to send requests to internal network locations Server-Side Request...