FIND-20260329-003 · 2026-03-29 · Innovation Veille

RUSTSEC-2026-0038 / CVE-2026-30960 — rssn crate CRITICAL: arbitrary code execution via JIT/CFFI (CVSS 9.4)

cve LOW
RUSTSEC-2026-0038 (CVE-2026-30960, GHSA-9c4h-pwmf-m6fj) is a CRITICAL vulnerability (CVSS 9.4) in the rssn crate on crates.io. The JIT compilation engine exposed via CFFI accepts malicious parameters, allowing arbitrary code execution at the privilege level of the host process. Categories: code-execution, memory-corruption, memory-exposure, privilege-escalation. Advisory published 2026-03-10. ODS does not use the rssn crate in any service, so no action is required. Severity is CRITICAL, but ODS impact is none.

Source

https://rustsec.org/advisories/RUSTSEC-2026-0038.html

ODS Impact

ODS does not depend on the rssn crate. No Rust services in the stack use rssn. No action required. Informational only.

Security Review

License: N/A | Maintenance: STALE | Risk: HIGH | Recommendation: DO_NOT_USE

Tags

cve rust critical jit code-execution rustsec