diff --git a/lua/mason-core/installer/registry/providers/cargo.lua b/lua/mason-core/installer/registry/providers/cargo.lua
index af43db864..f4904b73f 100644
--- a/lua/mason-core/installer/registry/providers/cargo.lua
+++ b/lua/mason-core/installer/registry/providers/cargo.lua
@@ -60,7 +60,14 @@ end
 function M.get_versions(purl)
     ---@type string?
     local repository_url = _.path({ "qualifiers", "repository_url" }, purl)
+    local rev = _.path({ "qualifiers", "rev" }, purl)
     if repository_url then
+        if rev == "true" then
+            -- When ?rev=true we're targeting a commit SHA. It's not feasible to retrieve all commit SHAs for a
+            -- repository so we fail instead.
+            return Result.failure "Unable to retrieve commit SHAs."
+        end
+
         ---@type Result?
         local git_tags = _.cond {
             {
diff --git a/tests/mason-core/installer/registry/providers/cargo_spec.lua b/tests/mason-core/installer/registry/providers/cargo_spec.lua
index d34689093..1bdad5f4c 100644
--- a/tests/mason-core/installer/registry/providers/cargo_spec.lua
+++ b/tests/mason-core/installer/registry/providers/cargo_spec.lua
@@ -136,4 +136,16 @@ describe("cargo provider :: versions", function()
         assert.spy(providers.github.get_all_tags).was_called(1)
         assert.spy(providers.github.get_all_tags).was_called_with "rust-lang/rust-analyzer"
     end)
+
+    it("should not provide git commit SHAs", function()
+        local result = cargo.get_versions(purl {
+            qualifiers = {
+                repository_url = "https://github.com/rust-lang/rust-analyzer",
+                rev = "true",
+            },
+        })
+
+        assert.is_false(result:is_success())
+        assert.equals("Unable to retrieve commit SHAs.", result:err_or_nil())
+    end)
 end)