CVE 9.6 CRITICAL

mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)_CVE-2026-33646

June 26, 2026 invoker category_cve

9.6 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec() function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not subject to trust verification in non-paranoid mode. This means an attacker can place a malicious .tool-versions file in a git repository, and when a victim with mise activated cds into the directory, arbitrary commands execute without any trust prompt. This vulnerability is fixed in 2026.3.10.

AI Analysis

Arbitrary code execution via Tera templates in .tool-versions files due to lack of trust verification

Basic Information

ID CVE-2026-33646

Source GitHub_M

Published Jun 26, 2026 at 16:51

Affected Product

Vendor jdx

Product mise

Version < 2026.3.10

Affected Versions jdx mise < 2026.3.10

CWE Classification

CWE-94

AI Assessment

AI Score 9.6 / 10

AI Severity Critical

Vendor jdx

Product mise

Version < 2026.3.10

References

github.com /jdx/mise/security/advisories/GHSA-fjj5-v948-whjj

{
    "lastseen": "",
    "description": "mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec() function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not subject to trust verification in non-paranoid mode. This means an attacker can place a malicious .tool-versions file in a git repository, and when a victim with mise activated cds into the directory, arbitrary commands execute without any trust prompt. This vulnerability is fixed in 2026.3.10.",
    "published": "2026-06-26T16:51:44.261Z",
    "modified": "2026-06-26T16:51:44.261Z",
    "type": "cve",
    "title": "mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)",
    "source": "GitHub_M",
    "references": "https://github.com/jdx/mise/security/advisories/GHSA-fjj5-v948-whjj",
    "id": "CVE-2026-33646",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "jdx mise < 2026.3.10",
    "sourceHref": "",
    "cvss": {
        "score": 9.6,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mise",
    "version": "< 2026.3.10",
    "vendor": "jdx",
    "ai_description": "Arbitrary code execution via Tera templates in .tool-versions files due to lack of trust verification",
    "ai_severity": "Critical",
    "ai_vendor": "jdx",
    "ai_product": "mise",
    "ai_version": "< 2026.3.10",
    "ai_score": 9.6
}

💭 Join the Security Discussion ❌ Cancel Reply