CVE-2026-5301: Rust Shell Command Injection
String interpolation was used to construct a shell command without sanitization. This allows attackers to inject malicious shell patterns or metacharacters through user-supplied variables, leading to OS Command Injection. Use argument passing via arrays or dedicated sanitization functions before interpolating variables.
greprules fetch cve-2026-5301-rust-shell-command-injection --engine opengrepDescription
String interpolation was used to construct a shell command without sanitization. This allows attackers to inject malicious shell patterns or metacharacters through user-supplied variables, leading to OS Command Injection. Use argument passing via arrays or dedicated sanitization functions before interpolating variables.
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.