A vulnerability has been found in rust-lang Cargo up to 1.95.x and classified as critical . Affected by this issue is some unknown functionality. Performing a manipulation results in symlink following. This vulnerability is reported as CVE-2026-5223 . The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.