Medium severityNVD Advisory· Published Apr 8, 2026· Updated Apr 13, 2026
CVE-2026-3438
CVE-2026-3438
Description
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: >=3.0.0 <=3.90.2
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.