Security Advisory

CVE-2026-3438

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-08 22:16:09

Last updated 2026-04-09 13:18:17

Assigner Sonatype

State PUBLISHED

Description

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victims browser through a specially crafted URL. Exploitation requires user interaction.

← Browse all CVEs View on cve.org ↗