LOW
Rust
CVE published 2026-05-25
CVE-2026-5222
CVE-2026-5222 is a low-severity vulnerability in Cargo, the Rust package manager, affecting versions 1.68 through 1.96. The issue stems from incorrect URL normalization when Cargo interacts with third-party registries using the sparse index protocol. Specifically, if a hosting provider allows multiple registries to be hosted with arbitrary names within the same domain, an attacker with the ability to publ [truncated]