FIND-20260410-008 · 2026-04-10 · Innovation Veille

RUSTSEC-2026-0081 — Malicious crate logtrace downloads RAT (supply chain alert)

cve MEDIUM
The logtrace crate, published on crates.io on April 1, 2026, was found to contain malicious code that downloads a Remote Access Trojan (RAT). It was detected by Socket.dev and removed from crates.io. A total of 30 downloads were recorded. No other crates on crates.io depended on logtrace, which limits the blast radius. Additionally, RUSTSEC-2026-0084 (logprinter) and RUSTSEC-2026-0085/0086 (Wasmtime) were added to the advisory DB on April 9, 2026.

Source

https://rustsec.org/advisories/RUSTSEC-2026-0081.html

ODS Impact

ODS Rust services use several logging crates (tracing, tracing-subscriber). The logtrace crate name is a typosquat targeting developers looking for tracing utilities. Run cargo audit across all ODS Rust services (oid, billing-engine, pdf-engine, docstore) to confirm no dependency on malicious crates. The Wasmtime advisories (RUSTSEC-2026-0085/0086) are not relevant as ODS does not use WebAssembly.

Security Review

License: N/A | Maintenance: ABANDONED | Risk: HIGH | Recommendation: DO_NOT_USE

Tags

rust cve supply-chain malicious-crate rustsec security typosquat