CVE-2026-30960 is a critical code injection vulnerability in the rssn Rust library. The flaw allows attackers to inject and execute arbitrary code due to insufficient input validation within the JIT compilation engine, which is exposed through the CFFI. Versions prior to 0.2.9 are affected, and a patch has been released to address the issue.
The vulnerability lies in the rssn library's JIT compilation engine, which is exposed via the CFFI. An attacker can exploit this by crafting malicious input that bypasses validation checks, leading to code injection. This allows for arbitrary code execution within the context of the rssn library, potentially granting the attacker control over the affected system. The impact is severe, as successful exploitation could lead to complete system compromise, data theft, and further malicious activity. The CWE classifications highlight the severity, including Improper Privilege Management and External Control of System Configuration.
CVE-2026-30960 was publicly disclosed on 2026-03-08. The vulnerability's CRITICAL CVSS score indicates a high probability of exploitation. As of this writing, no public proof-of-concept (PoC) exploits have been released, but the severity and ease of potential exploitation warrant close monitoring. It is not currently listed on CISA KEV.
Applications and systems utilizing the rssn Rust library, particularly those that process untrusted input and expose the CFFI interface, are at significant risk. Projects relying on rssn for parsing or processing data from external sources are especially vulnerable. Developers using older versions of rssn in production environments should prioritize upgrading.
• rust / library: Use cargo audit to check for known vulnerabilities in your project's dependencies, including rssn.
    cargo audit
• rust / library: Examine your project's Cargo.toml file to identify the version of rssn being used.
    cat Cargo.toml | grep rssn
• generic / system: Monitor system logs for unusual process activity or code execution originating from the rssn library. Look for unexpected function calls or memory allocations.
• generic / system: Implement runtime application self-protection (RASP) measures to detect and prevent code injection attempts.
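An added example, not code from the rssn project or from this advisory: Cargo.toml holds only the version requirement, so this script reads the versions actually resolved in Cargo.lock (including transitive pulls of rssn) and flags any below 0.2.9. The function names and the sample lock file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the rssn versions a Cargo.lock resolves to and flag
# any below 0.2.9, the fixed release named on this page.
FIXED="0.2.9"

# Print "<version> VULNERABLE" or "<version> ok" per resolved rssn package.
rssn_lock_status() {   # $1 = path to Cargo.lock
    awk -v fixed="$FIXED" '
        function strip(s) { gsub(/^[ \t]*"|"[ \t\r]*$/, "", s); return s }
        # 1 when version v precedes the fixed release f (numeric, per field).
        function older(v, f,    a, b, i, pre) {
            pre = (v ~ /^[^+]*-/)      # pre-release tag, e.g. 0.2.9-rc1
            sub(/[-+].*$/, "", v)      # drop pre-release and build metadata
            split(v, a, "."); split(f, b, ".")
            for (i = 1; i <= 3; i++) {
                if (a[i] + 0 < b[i] + 0) return 1
                if (a[i] + 0 > b[i] + 0) return 0
            }
            return pre                 # a pre-release of 0.2.9 precedes 0.2.9
        }
        /^\[\[package\]\]/ { name = ""; next }
        /^name[ \t]*=/     { name = strip(substr($0, index($0, "=") + 1)); next }
        /^version[ \t]*=/ && name == "rssn" {
            v = strip(substr($0, index($0, "=") + 1))
            print v, (older(v, fixed) ? "VULNERABLE" : "ok")
        }
    ' "$1"
}

# Succeeds only when no resolved rssn version is affected.
rssn_lock_check() {
    ! rssn_lock_status "$1" | grep -q ' VULNERABLE$'
}

# Constructed Cargo.lock fragment for trying the functions offline.
sample_lock() {
    cat <<'EOF'
version = 3

[[package]]
name = "rssn"
version = "0.2.8"

[[package]]
name = "serde"
version = "1.0.200"
EOF
}

if [ -n "${1:-}" ]; then rssn_lock_status "$1"; fi
```

The comparison is numeric per field, so 0.2.10 is correctly treated as newer than 0.2.9, which a plain string comparison would get wrong.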
EPSS: 0.01% (1% percentile)
The primary mitigation for CVE-2026-30960 is to immediately upgrade to version 0.2.9 or later of the rssn Rust library. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing stricter input validation on any data passed to the rssn library. While a WAF or proxy cannot directly address this code injection vulnerability, they can be configured to monitor for unusual patterns or suspicious activity related to the rssn library's usage. After upgrading, verify the fix by attempting to reproduce the vulnerability with known malicious inputs and confirming that the code execution is prevented.
Upgrade the rssn library to version 0.2.9 or later. This version fixes the arbitrary code execution vulnerability through the CFFI interface. The upgrade will prevent an attacker from exploiting the lack of input validation in JIT instruction generation.
CVE-2026-30960 is a critical code injection vulnerability affecting the rssn Rust library, allowing attackers to execute arbitrary code due to improper input validation in the JIT compilation engine.
You are affected if you are using rssn version 0.2.8 or earlier. Check your project's dependencies to determine if you are using a vulnerable version.
Upgrade to rssn version 0.2.9 or later to remediate the vulnerability. If upgrading is not immediately possible, implement strict input validation.
While no public exploits are currently available, the vulnerability's severity and ease of exploitation suggest that it may be targeted in the future.
Refer to the rssn project's official repository or website for the latest security advisories and updates regarding CVE-2026-30960.