GHSA-99j7-fhr2-xfj4Critical▾ Midnight`exploration` was removed from crates.io for malicious code
▾ Midnight zone — Critical, or high with PoC / in-the-wild
impact 52.3 · likelihood 0 · exploitation 0
Need a working PoC? Pro members can cast a request and our team develops one — it lands right here.
A method within the exploration crate attempted to download and execute a payload from a remote site.
The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io.
Rustsec to Kirill Boychenko from the Socket Threat Research Team for reporting this crate.
exploration >= 0Refer to the advisory for the patched release.
Connected by shared product, vendor, weakness, or advisory.