A vulnerability was found in rust-lang Cargo up to 1.95.x and classified as problematic . This affects an unknown part. Executing a manipulation can lead to use of non-canonical url paths for authorization decisions. This vulnerability appears as CVE-2026-5222 . The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.