CVE-2026-5222: Cargo Credential Leak Between Registries

🟠 High | Source: Microsoft Security Response Center

CVE-2026-5222 is a vulnerability in Cargo, the Rust package manager, where it can be tricked into sending authentication credentials intended for one registry to a different, potentially untrusted registry. This credential leakage could allow an attacker to harvest tokens used to access private package registries. The issue is particularly relevant in CI/CD pipelines and cloud build environments where registry credentials are commonly stored as secrets. ...

13 June 2025 · ZX Cloud Security

CVE-2026-5223: Rust Crate Registry Cache Override Flaw

🟠 High | Source: Microsoft Security Response Center

CVE-2026-5223 is a vulnerability in Rust’s package management ecosystem where crates hosted in third-party registries can override the cached source of legitimately installed crates. This creates a supply chain risk, as a malicious or compromised third-party registry could substitute trusted package code with altered versions. The impact is particularly significant in CI/CD pipelines and cloud build environments where dependency caching is widely used. ...

13 June 2025 · ZX Cloud Security
