ICP·Dev
Rust · June 25, 2026 · 2 min read

Sandboxing the Caches: Inside Cargo's Battle Against Registry Vulnerabilities

The Rust Security Response Team recently disclosed two vulnerabilities, CVE-2026-5222 and CVE-2026-5223, which affect Cargo's build cache and registry credential isolation. Fixed in Rust 1.96.0, these vulnerabilities show how sophisticated modern supply chain threats can target private registries and developer workstations.

Key takeaways

  • The Rust Security Response Team recently disclosed two vulnerabilities, CVE-2026-5222 and CVE-2026-5223, which affect Cargo's build cache and registry credential isolation
  • Fixed in Rust 1.96.0, these vulnerabilities show how sophisticated modern supply chain threats can target private registries and developer workstations

The software supply chain has become a primary combat zone for cybersecurity. While Rust’s compiler is famous for preventing memory safety vulnerabilities, the tooling surrounding the language—specifically Cargo—must also act as an impregnable fortress. Recently, the Rust Security Response Team disclosed two security advisories, CVE-2026-5223 and CVE-2026-5222, which exposed vulnerabilities within Cargo's local cache layout and URL normalization mechanisms. Both were quickly resolved with the release of Rust 1.96.0.

The more severe issue, CVE-2026-5223 (Medium severity), targeted Cargo’s local cache extraction. When Cargo fetches a crate, it extracts the tarball into a local cache directory inside ~/.cargo. Cargo implements directory-traversal protections to prevent malicious crates from writing files outside of their designated cache folder.

However, researcher Christos Papakonstantinou discovered a clever bypass: using symbolic links (symlinks). By crafting a malicious tarball containing strategically placed symlinks, an attacker could force Cargo to resolve paths outside of the crate's cache, escaping one level up in the directory hierarchy. This allowed a malicious package to overwrite the cached source code of other crates belonging to the same third-party registry.

[Figure: A detailed technical flow diagram illustrating dir...]

Importantly, crates.io users are unaffected because the official public registry strictly forbids symlinks during upload. The danger lies entirely with private registries, mirrors, and enterprise package feeds.

CVE-2026-5222: URL Normalization and Token Leaks

The second vulnerability, CVE-2026-5222 (Low severity), represents a subtle bug in legacy URL normalization.

Cargo traditionally normalized registry URLs by stripping the .git suffix to avoid duplicate downloads. However, this normalization logic was accidentally applied to modern sparse index registries. Unlike Git, standard HTTPS servers treat URLs with and without .git as completely separate endpoints.

If an attacker and a victim both use a domain hosting multiple sparse registries (e.g., company.com/index and company.com/index.git), the attacker could upload a crate that depends on a crate from the .git variation. When Cargo resolved the dependency, it would mistakenly treat both registries as identical, causing it to leak the user's private Cargo authentication token to the attacker’s registry.

Swift Mitigations in Rust 1.96.0

Rust 1.96.0 swiftly shuts down both attack vectors:

  • For CVE-2026-5223: Cargo now entirely rejects extracting any symlinks within crate tarballs, regardless of the registry source.
  • For CVE-2026-5222: Cargo will now only strip the .git suffix from URLs explicitly utilizing the Git protocol.
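As an added example (not Cargo's own code), the following Rust models the two normalization behaviours described above: the legacy rule that strips ".git" from every registry URL, and the fixed rule that strips it only for Git sources. The names SourceKind, canonicalize_legacy, canonicalize_fixed and token_sent_to are hypothetical, and the credential store is a plain map standing in for Cargo's token storage.

```rust
use std::collections::HashMap;

/// Protocol a registry source speaks. Simplified model for this example,
/// not Cargo's own types.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum SourceKind {
    Git,
    SparseIndex,
}

fn strip_git_suffix(url: &str) -> &str {
    let trimmed = url.trim_end_matches('/');
    trimmed.strip_suffix(".git").unwrap_or(trimmed)
}

/// Legacy behaviour: ".git" is dropped from every registry URL, so two
/// distinct HTTPS endpoints collapse to one cache/credential key.
pub fn canonicalize_legacy(url: &str, _kind: SourceKind) -> String {
    strip_git_suffix(url).to_string()
}

/// Fixed behaviour: ".git" is only redundant for Git remotes; a sparse
/// index keeps its URL exactly, so "index" and "index.git" stay separate.
pub fn canonicalize_fixed(url: &str, kind: SourceKind) -> String {
    match kind {
        SourceKind::Git => strip_git_suffix(url).to_string(),
        SourceKind::SparseIndex => url.trim_end_matches('/').to_string(),
    }
}

/// Which token (if any) would be attached when fetching from `dep_registry`,
/// given that the user only stored `token` for `trusted_registry` (both sparse).
pub fn token_sent_to(
    canonicalize: fn(&str, SourceKind) -> String,
    trusted_registry: &str,
    token: &str,
    dep_registry: &str,
) -> Option<String> {
    let mut store: HashMap<String, String> = HashMap::new();
    store.insert(canonicalize(trusted_registry, SourceKind::SparseIndex), token.to_string());
    store.get(&canonicalize(dep_registry, SourceKind::SparseIndex)).cloned()
}

fn main() {
    // Constructed sample URLs: a trusted sparse index and a sibling ".git" one.
    let trusted = "https://company.com/index";
    let sibling = "https://company.com/index.git";
    let legacy = token_sent_to(canonicalize_legacy, trusted, "secret-token", sibling);
    let fixed = token_sent_to(canonicalize_fixed, trusted, "secret-token", sibling);
    println!("legacy: {:?}  fixed: {:?}", legacy, fixed); // legacy sends the token, fixed sends none
}
```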

For enterprise teams utilizing private registries, upgrading to Rust 1.96.0 is critical to securing your local build pipelines and preventing supply chain manipulation.

Tags

#Rust · #Cargo · #Cyber Security · #Supply Chain Security · #Cargo Registries
