{"vulnerability": "CVE-2026-5222", "sightings": [{"uuid": "64a385b8-07ad-4934-b30b-e9e3ed394e6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5222", "type": "seen", "source": "https://bsky.app/profile/feedbot.unronritaro.net/post/3mmo5ahvngy2z", "content": "Security Advisory for Cargo (CVE-2026-5222) | Rust Blog", "creation_timestamp": "2026-05-25T09:14:06.570136Z"}, {"uuid": "5603c35e-7fbf-453f-8d9f-51834861622b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5222", "type": "seen", "source": "https://bsky.app/profile/planetmozilla.bsky.social/post/3mmod65ugme23", "content": "The Rust Programming Language Blog: Security Advisory for Cargo (CVE-2026-5222) https://blog.rust-lang.org/2026/05/25/cve-2026-5222/", "creation_timestamp": "2026-05-25T11:00:10.993975Z"}, {"uuid": "64e91704-3410-4a8d-97aa-af10e160e1f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5222", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mmpvpdugoc2u", "content": "\ud83d\udd12 Security Advisory for Cargo (CVE-2026-5222)\n\nRust's Cargo has a low-severity vulnerability (CVE-2026-5222) where it incorrectly normalized URLs for sparse index registries, potent...\n\nhttps://tinyurl.com/4jt9z7k4 #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-05-26T02:04:34.944112Z"}, {"uuid": "c994ae19-fb9f-4380-b4bf-ce38985a8e32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5222", "type": "seen", "source": "https://bsky.app/profile/rustaceans.bsky.social/post/3mmouayf62v24", "content": "JUST IN: Security Advisory for Cargo (CVE-2026-5222) \n\n>> Cargo CVE-2026-5222: Sparse registry URL normalization flaw lets attackers steal credentials from third-party registries under niche conditions. Fixed in Rust 1.96.\n\n#rustlang #rustlang", "creation_timestamp": "2026-05-25T16:06:18.552684Z"}]}