-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
# CVE-2026-5223: Crates in third party registries can override the cached source of other crates
The Rust Security Response Team was notified that Cargo incorrectly handled
symlinks inside crate tarballs downloaded from third-party registries,
allowing a malicious crate to overwrite the cached source code of another crate
from the same registry.
This vulnerability is tracked as CVE-2026-5223. The severity of the
vulnerability is **medium** for users of third-party registries. Users of
crates.io are **not affected**, as crates.io forbids uploading crates containing
any symlink.
## Overview
When building a crate, Cargo extracts its source code into a local cache (stored
within `~/.cargo`) and reuses it for any future build. Cargo includes protections
intended to prevent any file from being extracted outside of the crate's own
cache directory.
It was discovered that, by using symlinks, a crafted tarball could nonetheless
extract files one level up, into the parent of the crate's own cache directory.
Because the cache is structured so that every crate from the same registry is
extracted into a sibling directory under that parent, this allowed the malicious
crate to overwrite the cached source of other crates belonging to the same
registry.
## Mitigations
Rust 1.96.0, to be released on May 28th, 2026, will update Cargo to reject
extracting *any* symlink within crate tarballs, regardless of whether they come
from crates.io (which already forbids them) or from third-party registries. Note
that Cargo has never added symlinks when running `cargo package` or
`cargo publish`, so the impact of this stricter check on legitimately published
crates should be minimal.
Users who are not able to upgrade to the most recent Rust version are
recommended to audit the crate tarballs stored in their registry for the
presence of any symlink, and to configure their registry to reject symlinks (if
such an option is available).
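As an added example for the audit recommended above, and for the path-escape protection described in the Overview, not code from this advisory or from Cargo: a dependency-free Rust scanner that walks a crate tarball header by header and reports every symlink or hardlink entry, plus any member path that is absolute or contains a `..` component. A `.crate` file is a gzip-compressed tar archive, so decompress it first (for example `gzip -dc foo.crate > foo.tar`) and hand the result to `audit_tar`. The names `audit_tar`, `Findings`, `is_escaping`, `tar_entry` and `sample_crate_tar`, and the sample crate `foo-1.0.0` built in memory, are this example's own. Flagging *any* link entry is the same rule the Cargo fix applies; the `..`/absolute-path rule is this example's conservative reading of the existing protection, not Cargo's exact check.
```rust
use std::io::{self, Read};
const BLOCK: usize = 512;
/// Audit result. `links` holds (typeflag, path, target); typeflag '1' = hardlink, '2' = symlink.
#[derive(Debug, Default)]
pub struct Findings {
    pub entries: usize,
    pub links: Vec<(char, String, String)>,
    pub escaping_paths: Vec<String>,
}

/// NUL-terminated text field of a ustar header block.
fn field(h: &[u8], start: usize, len: usize) -> String {
    let raw = &h[start..start + len];
    let end = raw.iter().position(|&b| b == 0).unwrap_or(raw.len());
    String::from_utf8_lossy(&raw[..end]).into_owned()
}
/// Octal numeric field (size, checksum); a blank field reads as 0.
fn octal(h: &[u8], start: usize, len: usize) -> Option<u64> {
    match field(h, start, len).trim() { "" => Some(0), s => u64::from_str_radix(s, 8).ok() }
}
/// ustar checksum: byte sum of the header with the checksum field itself read as spaces.
fn checksum_ok(h: &[u8]) -> bool {
    let sum: u64 = h.iter().enumerate().map(|(i, &b)| if (148..156).contains(&i) { 32 } else { b as u64 }).sum();
    octal(h, 148, 8) == Some(sum)
}
/// Audit rule for member paths: absolute, or containing a `..` component.
pub fn is_escaping(path: &str) -> bool {
    path.starts_with('/') || path.split('/').any(|c| c == "..")
}

/// Walk an uncompressed tar stream header by header; nothing is ever extracted to disk.
pub fn audit_tar<R: Read>(mut r: R) -> io::Result<Findings> {
    let bad = |m: &str| io::Error::new(io::ErrorKind::InvalidData, m.to_string());
    let (mut f, mut h) = (Findings::default(), [0u8; BLOCK]);
    let (mut long_name, mut long_link): (Option<String>, Option<String>) = (None, None);
    loop {
        match r.read_exact(&mut h) {
            Ok(()) if h.iter().any(|&b| b != 0) => {}
            Ok(()) => break,                                             // all-zero block ends the archive
            Err(e) if e.kind() == io::ErrorKind::UnexpectedEof => break, // plain EOF without the zero blocks
            Err(e) => return Err(e),
        }
        if !checksum_ok(&h) { return Err(bad("bad header checksum")); }
        let size = octal(&h, 124, 12).ok_or_else(|| bad("bad size field"))? as usize;
        let mut data = vec![0u8; (size + BLOCK - 1) / BLOCK * BLOCK]; // entry data is 512-byte padded
        r.read_exact(&mut data)?;
        data.truncate(size);
        match h[156] {
            b'L' => { long_name = Some(field(&data, 0, size)); continue; } // GNU long name: names the next entry
            b'K' => { long_link = Some(field(&data, 0, size)); continue; } // GNU long link target, likewise
            b'x' => { // pax extended header: "<len> key=value" records override the next entry's path/linkpath
                for rec in String::from_utf8_lossy(&data).lines() {
                    let kv = rec.split_once(' ').map_or(rec, |(_, kv)| kv);
                    if let Some(v) = kv.strip_prefix("path=") { long_name = Some(v.to_string()); }
                    if let Some(v) = kv.strip_prefix("linkpath=") { long_link = Some(v.to_string()); }
                }
                continue;
            }
            b'g' => continue, // pax global header carries nothing path-related
            _ => {}
        }
        let mut name = field(&h, 0, 100);
        if &h[257..265] == b"ustar\x0000" && h[345] != 0 { name = format!("{}/{}", field(&h, 345, 155), name); }
        let name = long_name.take().unwrap_or(name);
        let link = long_link.take().unwrap_or_else(|| field(&h, 157, 100));
        f.entries += 1;
        if is_escaping(&name) { f.escaping_paths.push(name.clone()); }
        if matches!(h[156], b'1' | b'2') { f.links.push((h[156] as char, name, link)); }
    }
    Ok(f)
}

/// Minimal ustar entry writer, used only to build the constructed sample below.
pub fn tar_entry(name: &str, typeflag: u8, link: &str, data: &[u8]) -> Vec<u8> {
    let mut h = [0u8; BLOCK];
    h[..name.len()].copy_from_slice(name.as_bytes());
    h[124..135].copy_from_slice(format!("{:011o}", data.len()).as_bytes());
    h[148..156].copy_from_slice(b"        "); // summed as spaces, then overwritten with the result
    h[156] = typeflag;
    h[157..157 + link.len()].copy_from_slice(link.as_bytes());
    h[257..265].copy_from_slice(b"ustar\x0000");
    let sum: u64 = h.iter().map(|&b| b as u64).sum();
    h[148..155].copy_from_slice(format!("{:06o}\0", sum).as_bytes());
    let mut out = [&h[..], data].concat();
    out.resize(BLOCK + (data.len() + BLOCK - 1) / BLOCK * BLOCK, 0);
    out
}
/// Constructed sample (not a real crate): two files plus one symlink with a deliberately benign target.
pub fn sample_crate_tar() -> Vec<u8> {
    let mut t = tar_entry("foo-1.0.0/Cargo.toml", b'0', "", b"[package]\nname = \"foo\"\nversion = \"1.0.0\"\n");
    t.extend(tar_entry("foo-1.0.0/src/lib.rs", b'0', "", b"pub fn hello() {}\n"));
    t.extend(tar_entry("foo-1.0.0/lib.rs", b'2', "src/lib.rs", b""));
    t.extend(vec![0u8; 2 * BLOCK]); // end-of-archive marker
    t
}
// Audits the constructed sample; for a real crate, gunzip it first and pass a `File` instead.
fn main() { println!("{:?}", audit_tar(sample_crate_tar().as_slice())); }
```
Run it over every `.crate` in the registry's storage (gunzip each file into `audit_tar`) and treat any crate with a non-empty `links` as one to remove or reject; `escaping_paths` should also be empty for a well-formed crate. The scanner never resolves or follows a link target, since the presence of the entry is the finding, which is exactly the rule the fixed Cargo applies.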
## Affected versions
All versions of Cargo shipped before Rust 1.96.0 are affected.
## Acknowledgements
We'd like to thank Christos Papakonstantinou for reporting this to us according
to the [Rust security policy][1].
We also want to thank the members of the Rust project who helped us address the
vulnerability: Josh Triplett for developing the fix; Arlo Siemsen for reviewing
the fix; Emily Albini for writing this advisory; Emily Albini, Josh Stone and
Manish Goregaokar for coordinating the disclosure; Ed Page and Eric Huss for
advising during the disclosure.
[1]: https://rust-lang.org/policies/security
-----BEGIN PGP SIGNATURE-----
=JRQy
-----END PGP SIGNATURE-----