SB2026051242 - Multiple vulnerabilities in Nexus Repository Manager

Description

This security bulletin contains information about 2 vulnerabilities.

1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-3048)

The vulnerability allows a remote user to initiate unintended server-side connections.

The vulnerability exists due to improper LDAP referral handling in the LDAP authentication component when configuring or testing LDAP connectivity against a malicious LDAP server. A remote user can configure or test LDAP connectivity with an attacker-controlled LDAP server to initiate unintended server-side connections.

The issue only affects instances where LDAP authentication is configured or being configured, and an administrator may also be influenced to test connectivity against an attacker-controlled LDAP server.

2) Cross-site scripting (CVE-ID: CVE-2026-7308)

The vulnerability allows a remote user to execute arbitrary JavaScript in the browser of another user and perform actions in the context of the victim's session.

The vulnerability exists due to stored cross-site scripting in the HTML index page for hosted repository directory browsing when rendering uploaded content. A remote user can upload crafted content to a hosted repository to execute arbitrary JavaScript in the browser of another user and perform actions in the context of the victim's session.

User interaction is required, as a separate user must browse the repository contents via the built-in HTML index page.

Remediation

Install update from vendor's website.

References

• https://support.sonatype.com/hc/en-us/articles/51591695462675-CVE-2026-3048-Nexus-Repository-3-Improper-LDAP-Referral-Handling-2026-05-11
• https://support.sonatype.com/hc/en-us/articles/51592065985939-CVE-2026-7308-Nexus-Repository-3-Stored-Cross-Site-Scripting-XSS-2026-05-11