<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 12 Jul 2026 19:51:29 +0000</lastBuildDate>
    <item>
      <title>03e23483-3ece-4c33-8cef-1945c06f62db</title>
      <link>https://vulnerability.circl.lu/sighting/03e23483-3ece-4c33-8cef-1945c06f62db/export</link>
      <description>{"uuid": "03e23483-3ece-4c33-8cef-1945c06f62db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-99J7-FHR2-XFJ4", "type": "seen", "source": "https://gist.github.com/alon710/562c94e99a029c25882fbe479b6eb12d", "content": "# GHSA-99J7-FHR2-XFJ4: GHSA-99J7-FHR2-XFJ4: Malicious Remote Code Execution Payload in 'exploration' Cargo Crate\n\n&amp;gt; **CVSS Score:** 10.0\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/GHSA-99J7-FHR2-XFJ4\n\n## Summary\nThe malicious Cargo package 'exploration' was uploaded to the crates.io registry. During compilation or package import, the crate executes code designed to establish an outbound TCP/HTTP connection, download an external second-stage binary, and execute the binary locally on the host machine. This creates an unauthenticated remote code execution vector impacting developer environments and continuous integration pipelines.\n\n## TL;DR\nThe malicious Rust crate 'exploration' was discovered performing arbitrary command execution and dynamic payload downloads during cargo compilation. It has been removed from the crates.io registry.\n\n## Exploit Status: ACTIVE\n\n## Technical Details\n\n- **CWE ID**: CWE-506\n- **Attack Vector**: Supply Chain Compromise / Registry Abuse\n- **CVSS Score**: 10.0\n- **Exploit Status**: Active Malicious Upload (Removed)\n- **KEV Status**: Not Listed\n- **Primary Impact**: Remote Code Execution (RCE)\n- **Ecosystem**: Cargo (Rust)\n\n## Affected Systems\n\n- Rust development workstations running Cargo compilation\n- CI/CD build pipelines and containerized build runners\n- Self-hosted proxy registries caching public crates.io assets\n- **exploration**: &amp;gt;= 0.0.0-0 (Fixed in: `None (Package Deleted)`)\n\n## Mitigation\n\n- Audit Cargo.toml and Cargo.lock across all internal projects for the 'exploration' dependency.\n- Clear the local Cargo registry and build cache to purge any residual files associated with the malicious crate.\n- Implement outbound network restrictions on CI/CD build environments to block unauthorized dynamic payloads.\n\n**Remediation Steps:**\n1. Inspect all system dependency trees for references to the 'exploration' crate.\n2. Immediately terminate active processes on any host where 'exploration' was compiled or run.\n3. Execute 'cargo clean' and delete local registry cache directories: '~/.cargo/registry/src/' and '~/.cargo/registry/cache/'.\n4. Revoke and rotate all environment variables, SSH keys, registry credentials, and API tokens present on infected systems.\n5. Audit endpoint logs and network telemetry for outbound connections targeting unauthorized endpoints during the compilation window.\n\n## References\n\n- [GitHub Security Advisory: GHSA-99J7-FHR2-XFJ4](https://github.com/advisories/GHSA-99J7-FHR2-XFJ4)\n- [RustSec Advisory Database Page](https://rustsec.org/advisories/RUSTSEC-2026-0155.html)\n- [Raw RustSec GitHub Advisory Entry](https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/exploration/RUSTSEC-2026-0155.md)\n- [Affected Package Registry Stub](https://crates.io/crates/exploration)\n- [Socket Threat Research Team Homepage](https://socket.dev/)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-99J7-FHR2-XFJ4) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-11T03:12:22.963421Z"}</description>
      <content:encoded>{"uuid": "03e23483-3ece-4c33-8cef-1945c06f62db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-99J7-FHR2-XFJ4", "type": "seen", "source": "https://gist.github.com/alon710/562c94e99a029c25882fbe479b6eb12d", "content": "# GHSA-99J7-FHR2-XFJ4: GHSA-99J7-FHR2-XFJ4: Malicious Remote Code Execution Payload in 'exploration' Cargo Crate\n\n&amp;gt; **CVSS Score:** 10.0\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/GHSA-99J7-FHR2-XFJ4\n\n## Summary\nThe malicious Cargo package 'exploration' was uploaded to the crates.io registry. During compilation or package import, the crate executes code designed to establish an outbound TCP/HTTP connection, download an external second-stage binary, and execute the binary locally on the host machine. This creates an unauthenticated remote code execution vector impacting developer environments and continuous integration pipelines.\n\n## TL;DR\nThe malicious Rust crate 'exploration' was discovered performing arbitrary command execution and dynamic payload downloads during cargo compilation. It has been removed from the crates.io registry.\n\n## Exploit Status: ACTIVE\n\n## Technical Details\n\n- **CWE ID**: CWE-506\n- **Attack Vector**: Supply Chain Compromise / Registry Abuse\n- **CVSS Score**: 10.0\n- **Exploit Status**: Active Malicious Upload (Removed)\n- **KEV Status**: Not Listed\n- **Primary Impact**: Remote Code Execution (RCE)\n- **Ecosystem**: Cargo (Rust)\n\n## Affected Systems\n\n- Rust development workstations running Cargo compilation\n- CI/CD build pipelines and containerized build runners\n- Self-hosted proxy registries caching public crates.io assets\n- **exploration**: &amp;gt;= 0.0.0-0 (Fixed in: `None (Package Deleted)`)\n\n## Mitigation\n\n- Audit Cargo.toml and Cargo.lock across all internal projects for the 'exploration' dependency.\n- Clear the local Cargo registry and build cache to purge any residual files associated with the malicious crate.\n- Implement outbound network restrictions on CI/CD build environments to block unauthorized dynamic payloads.\n\n**Remediation Steps:**\n1. Inspect all system dependency trees for references to the 'exploration' crate.\n2. Immediately terminate active processes on any host where 'exploration' was compiled or run.\n3. Execute 'cargo clean' and delete local registry cache directories: '~/.cargo/registry/src/' and '~/.cargo/registry/cache/'.\n4. Revoke and rotate all environment variables, SSH keys, registry credentials, and API tokens present on infected systems.\n5. Audit endpoint logs and network telemetry for outbound connections targeting unauthorized endpoints during the compilation window.\n\n## References\n\n- [GitHub Security Advisory: GHSA-99J7-FHR2-XFJ4](https://github.com/advisories/GHSA-99J7-FHR2-XFJ4)\n- [RustSec Advisory Database Page](https://rustsec.org/advisories/RUSTSEC-2026-0155.html)\n- [Raw RustSec GitHub Advisory Entry](https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/exploration/RUSTSEC-2026-0155.md)\n- [Affected Package Registry Stub](https://crates.io/crates/exploration)\n- [Socket Threat Research Team Homepage](https://socket.dev/)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-99J7-FHR2-XFJ4) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-11T03:12:22.963421Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/03e23483-3ece-4c33-8cef-1945c06f62db/export</guid>
      <pubDate>Sat, 11 Jul 2026 03:12:22 +0000</pubDate>
    </item>
  </channel>
</rss>
