6 matches found
EUVD-2026-31658
Cargo crates in third party registries can override the cached source of other crates...
CVE-2026-5223
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...
CVE-2026-5223
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...
CVE-2026-5223
CVE-2026-5223 affects Cargo: symlinks inside crate tarballs from third-party registries can cause a malicious crate to override the cached source of another crate from the same registry. The issue is due to how symlinks are handled, enabling modification of source files after download. Impact is ...
CVE-2026-5223
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...