CVE-2026-5222: Cargo Credential Leak Between Registries
🟠 High | Source: Microsoft Security Response Center

CVE-2026-5222 is a vulnerability in Cargo, the Rust package manager, where it can be tricked into sending authentication credentials intended for one registry to a different, potentially untrusted registry. This credential leakage could allow an attacker to harvest tokens used to access private package registries. The issue is particularly relevant in CI/CD pipelines and cloud build environments where registry credentials are commonly stored as secrets. ...