
Cargo symlink bug could let crates overwrite cached Rust source code

A malicious crate from a third-party registry could overwrite another package’s cached source code. Rust 1.96.0 now rejects every symlink during Cargo extraction.

Jamie Taylor · 2 min read
Source: dbugs.ptsecurity.com

Cargo’s package cache was the trust boundary most Rust developers never had to think about until now. A malicious crate in a third-party registry could smuggle symlinks into its tarball and, when Cargo unpacked it during a build, cause another crate’s cached source code to be overwritten.

That flaw, tracked as CVE-2026-5223, landed in Cargo’s crate-extraction path and was disclosed on May 25, 2026. The problem is not limited to a single bad download. Once a cache is poisoned, later builds can read altered source, which cuts straight into reproducibility, supply-chain integrity, and the assumption that the code Cargo fetched is the code Cargo will compile.


The risk matters most for organizations using private or mirrored registries. Cargo does not rely only on crates.io; it supports alternate registries configured in .cargo/config.toml, with their own index URLs and named dependencies. crates.io already forbids symlinks in uploaded crates, so the practical exposure sits mainly with external registries that allow them. In other words, the bug is less about the public registry failing and more about Cargo assuming every registry would behave as strictly as crates.io.

Rust 1.96.0, released on May 28, 2026, closes that gap by rejecting any symlink during crate extraction, no matter where the crate came from. That is a blunt but effective move. Instead of trying to reason about whether a registry is trustworthy enough, Cargo now treats symlinks in unpacked crates as out of bounds.
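To make that rule concrete, here is an added example (not Cargo’s or the tar crate’s code) that walks the ustar headers of an uncompressed crate tarball using only the Rust standard library and refuses the whole archive if any entry is a symlink. The `header` builder and the file names it is fed are constructed for the demonstration; a real `.crate` file is gzip-compressed and must be decompressed before scanning.

```rust
// Added example (not Cargo's code): scan an uncompressed tar and, like Rust 1.96.0, refuse the
// archive if any entry is a symlink (typeflag '2'). Gunzip a .crate file before scanning it.
const BLOCK: usize = 512;
fn field(h: &[u8], start: usize, len: usize) -> String {
    let raw = &h[start..start + len];
    String::from_utf8_lossy(&raw[..raw.iter().position(|&b| b == 0).unwrap_or(len)]).into_owned()
}

/// Header checksum: sum of all 512 bytes with the checksum field counted as spaces.
fn checksum(h: &[u8]) -> u64 {
    h.iter().enumerate().map(|(i, &b)| if (148..156).contains(&i) { 32 } else { b as u64 }).sum()
}

/// Returns (name, typeflag, linkname) for every entry, verifying each header checksum.
pub fn list_entries(tar: &[u8]) -> Result<Vec<(String, u8, String)>, String> {
    let (mut off, mut out) = (0usize, Vec::new());
    while off + BLOCK <= tar.len() {
        let h = &tar[off..off + BLOCK];
        if h.iter().all(|&b| b == 0) { break; } // end-of-archive marker
        let octal = |s, l| u64::from_str_radix(field(h, s, l).trim(), 8).map_err(|e| e.to_string());
        if octal(148, 8)? != checksum(h) { return Err(format!("bad header checksum at {off}")); }
        let size = octal(124, 12)? as usize;
        out.push((field(h, 0, 100), h[156], field(h, 157, 100)));
        off += BLOCK + (size + BLOCK - 1) / BLOCK * BLOCK; // skip file data, block-aligned
    }
    Ok(out)
}

/// Mirror the 1.96.0 rule: a single symlink entry makes the crate unacceptable.
pub fn reject_symlinks(tar: &[u8]) -> Result<usize, String> {
    let entries = list_entries(tar)?;
    match entries.iter().find(|e| e.1 == b'2') {
        Some((name, _, target)) => Err(format!("symlink {name} -> {target} rejected")),
        None => Ok(entries.len()),
    }
}

/// Build one ustar header for a constructed sample archive (demo helper, not a real crate).
pub fn header(name: &str, typeflag: u8, linkname: &str, size: usize) -> Vec<u8> {
    let mut h = vec![0u8; BLOCK];
    h[..name.len()].copy_from_slice(name.as_bytes());
    h[124..135].copy_from_slice(format!("{size:011o}").as_bytes());
    h[156] = typeflag;
    h[157..157 + linkname.len()].copy_from_slice(linkname.as_bytes());
    h[257..263].copy_from_slice(b"ustar\0");
    let sum = checksum(&h);
    h[148..156].copy_from_slice(format!("{sum:06o}\0 ").as_bytes());
    h
}
```

Feeding a clean archive returns the entry count, while an archive whose second entry is a symlink pointing outside the crate directory is rejected as a whole, regardless of which registry it came from.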

This is the second extraction-related Cargo advisory in the same stretch of 2026. Earlier, CVE-2026-33056 covered a different path through the third-party tar crate, where malicious crates could change permissions on arbitrary directories during extraction. On March 13, crates.io deployed a mitigation, and the Rust team audited every crate ever published there, confirming that no crates on crates.io were exploiting the issue. The March advisory also credited Sergei Zimmerman for finding the tar vulnerability, with Eric Huss, Tobias Bieniek, Adam Harvey, Walter Pearce, Emily Albini, and Josh Stone among the responders.

What to audit and update now: move to Rust 1.96.0, review every private, mirrored, or alternate registry in .cargo/config.toml, and treat crate extraction as a filesystem write path, not a harmless download step. The latest release also expands Cargo’s registry surface in another way: dependencies that specify multiple locations now support git alongside alternate registries, which makes the hardening around extraction even more timely.

For teams that rely on alternate registries, this bug is the reminder that one poisoned tarball can reach far beyond a single crate. Cargo is tightening the seal exactly where a supply-chain attack would try to slip through.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under.
