Reported

June 2, 2026

Issued

June 3, 2026

Package

exploration

Type

Vulnerability

Categories

• malicious

Patched

no patched versions

Description

A method within the exploration crate attempted to download and execute a payload from a remote site.

The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io.

Thanks to Kirill Boychenko from the Socket Threat Research Team for reporting this crate.

Advisory available under CC0-1.0 license.