VDB

GCVE-110-CARGO-2026-004882

GCVE-110-CARGO-2026-004882
Advisory Published
Vulnetix · Advisory published July 9, 2026
[SA-VAR-CONCAT-EXEC] variable concatenation resolves to 'curl|sh' (line 10517) — matched: if echo "$RELEASE_CONTENT" | grep -q "Acquire-By-Hash: yes"; then

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Affected Products

VendorProductVersionsPlatforms
cargoinapt* (affected)

References

advisory
web

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›