FIND-20260413-004 · 2026-04-13 · Innovation Veille

RUSTSEC-2026-0097: rand Crate Unsoundness with Custom Logger

cve MEDIUM
RUSTSEC-2026-0097 documents an unsoundness issue in the rand crate where using rand::rng() with a custom logger can trigger undefined behavior. The advisory was filed April 11, 2026. Impact is limited to codebases that both use rand and have custom global loggers set up during RNG initialization. ODS Rust services should audit their use of rand and update to a patched version when available.

Source

https://rustsec.org/advisories/

ODS Impact

Affected: ODS Rust backend services that use the rand crate (e.g., billing-engine for token generation, oid for session IDs). Run cargo audit on each service to check whether rand is a transitive dependency.

Security Review

License: N/A | Maintenance: ACTIVE | Risk: LOW | Recommendation: USE_WITH_CAUTION

Tags

rust rustsec rand unsoundness cve security