RUSTSEC-2026-0081

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2026-0081

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0081.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2026-0081

Published

2026-04-05T12:00:00Z

Modified

2026-04-06T00:00:06.353644Z

Summary

`logtrace` was removed from crates.io for malicious code

Details

logtrace appeared to be downloading a RAT.

The malicious crate had 2 versions published on 2026-04-01 that had a total of 30 downloads. There were no crates depending on this crate on crates.io.

Thanks to Socket.dev for detecting and reporting this to the crates.io team!

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / logtrace

Package

Name: logtrace; View open source insights on deps.dev
Purl: pkg:cargo/logtrace

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Ecosystem specific

{
    "affects": {
        "arch": [],
        "functions": [],
        "os": []
    },
    "affected_functions": null
}

Database specific

source

"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0081.json"

cvss

null