CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

CVE-2026-5222 Cargo can be coerced to share credentials between registries

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

Cargo 安全漏洞

Cargo is a Rust package manager open-sourced by The Rust Programming Language. A security vulnerability exists in Cargo versions 1.68 through 1.96, which stems from a misnormalization of third-party registry URLs that use the sparse indexing protocol, where an attacker who is able to publish crat...

changeRegistries() from the Tokenomics contract changes different registries at the same time.

Lines of code Vulnerability details Impact In a case where either one of the agent, component or service registry are deprecated, attempting to replace the compromised registry necessitates an overall replacement of all the other registries. This not only utilizes excess gas but can also bring...