CVE-2026-3048

Published: May 11, 2026 Last Modified: May 11, 2026
MEDIUM 5.1
Source: 103e4ec9-0a87-450b-af77-479448ddef11
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server.

CWE-502: Deserialization of Untrusted Data

Draft
Common Consequences
Security Scopes Affected:
Integrity, Availability, Other
Potential Impacts:
Modify Application Data; Unexpected State; DoS: Resource Consumption (CPU); Varies by Context
Applicable Platforms
Languages: Java, JavaScript, PHP, Python, Ruby
Technologies: AI/ML, ICS/OT, Not Technology-Specific
CWE-918: Server-Side Request Forgery (SSRF)

Incomplete
Common Consequences
Security Scopes Affected:
Confidentiality, Integrity, Access Control
Potential Impacts:
Read Application Data; Execute Unauthorized Code or Commands; Bypass Protection Mechanism
Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
https://help.sonatype.com/en/sonatype-nexus-repository-3-92-0-release-notes.html
https://support.sonatype.com/hc/en-us/articles/51591695462675