RUSTSEC-2026-0155

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2026-0155
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0155.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2026-0155
Published
2026-06-02T12:00:00Z
Modified
2026-06-03T09:00:04.820000621Z
Summary
`exploration` was removed from crates.io for malicious code
Details

A method within the exploration crate attempted to download and execute a payload from a remote site.

The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io.

Thanks to Kirill Boychenko from the Socket Threat Research Team for reporting this crate.

Database specific 
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / exploration

Package

Name
exploration
View open source insights on deps.dev
Purl
pkg:cargo/exploration

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0

Ecosystem specific 

{
    "affected_functions": null,
    "affects": {
        "arch": [],
        "functions": [],
        "os": []
    }
}

Database specific

categories 
[
    "malicious"
]
informational 
null
source 
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0155.json"
cvss 
null