MEDIUM
Rust Project
CVE published 2026-05-25
CVE-2026-5223
CVE-2026-5223 is a medium-severity vulnerability in Cargo, the Rust package manager and build system. The flaw stems from improper handling of symbolic links (symlinks) within crate tarballs downloaded from third-party registries. A malicious crate can exploit this behavior to override the source code of another crate from the same registry, potentially leading to supply chain compromise. The vulnerabilit [truncated]
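A defender can screen crate tarballs for link entries before they are unpacked. The following is an added example, not code from Cargo or from the advisory; it assumes a `.crate` file is a gzip-compressed tar whose entries sit under a top-level `name-version/` directory, and the names `audit_crate`, `build_sample` and the `demo` crate are hypothetical.

```python
import io
import posixpath
import tarfile


def audit_crate(fileobj, name, version):
    """Return (member_name, reason) findings for a .crate archive, without extracting it."""
    root = f"{name}-{version}"
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            # Any link entry is worth a manual look before unpacking.
            if m.issym() or m.islnk():
                kind = "symlink" if m.issym() else "hardlink"
                findings.append((m.name, f"{kind} -> {m.linkname}"))
            elif not (m.isfile() or m.isdir()):
                findings.append((m.name, "special file"))
            # Every entry should resolve inside the expected top-level directory.
            path = posixpath.normpath(m.name)
            if posixpath.isabs(m.name) or path.split("/")[0] != root:
                findings.append((m.name, f"outside {root}/"))
    return findings


def build_sample(with_link):
    """Build a constructed in-memory archive for the hypothetical crate demo 0.1.0."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = b"pub fn f() {}\n"
        info = tarfile.TarInfo("demo-0.1.0/src/lib.rs")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        if with_link:
            link = tarfile.TarInfo("demo-0.1.0/vendor")
            link.type = tarfile.SYMTYPE
            link.linkname = "src"  # constructed, harmless target
            tar.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, reason in audit_crate(build_sample(True), "demo", "0.1.0"):
        print(f"{member}: {reason}")
```

The check reads archive headers only, so it can run on downloaded `.crate` files from a registry mirror or cache before any build touches them.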