Description
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir (mise-tasks/, .mise/tasks/, …) but no config file, mise falls back to the default includes and renders each task's tera fields — and that tera environment has exec() registered. A {{ exec(command='…') }} in any rendered field runs arbitrary commands the moment the tasks are merely listed. There's no config file to gate on, so no trust prompt ever appears. Read-only commands trigger it: mise tasks, mise task ls, mise run, mise tasks --usage (the query shell completion runs on Tab). The victim only has to cd into a cloned repo and list or tab-complete a task. This vulnerability is fixed in 2026.6.4.
Published: 2026-06-26
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

mise manages development tools and uses task-include directories to load task definitions. The vulnerability allows the author of a repository to embed tera templates that call the exec() function in those task files. Because the task-include path bypasses mise's trust_check gate, the exec() call runs automatically when a task is merely listed or tab-completed, enabling an attacker to run arbitrary commands on the local system without confirmation.

Affected Systems

All installations of jdx's mise older than version 2026.6.4 are affected when a directory contains a task-include directory (mise-tasks/, .mise/tasks/, etc.) but no mise.toml or .tool-versions configuration file. A user who runs any of the mise task-listing or completion commands inside such a repository triggers the flaw.

Risk and Exploitability

The CVSS score of 8.6 classifies the flaw as high severity. The EPSS score is not available, but the attack requires only read access to the repository and local execution of a mise command, making it straightforward for a local or remote attacker to exploit. The vulnerability is not currently listed in the CISA KEV catalogue.

Generated by OpenCVE AI on June 26, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade mise to version 2026.6.4 or later, which removes the exec() call from untrusted task-include files.
  • If an upgrade is not immediately possible, delete or rename any task-include directories in repositories that are not under your control to prevent untrusted templates from being processed.
  • Configure or audit your environment so that only repositories containing a mise.toml or .tool-versions file are allowed to be listed or completed; this restores the trust check gating that applies to configuration files.

Generated by OpenCVE AI on June 26, 2026 at 19:23 UTC.

Advisories
Source: GitHub GHSA
ID: GHSA-77g9-363w-rccq
Title: Mise vulnerable to arbitrary command execution via task-include files in an untrusted, config-less repository
History

Fri, 26 Jun 2026 23:30:00 +0000

Values added:
  • First Time appeared: Jdx; Jdx mise
  • Vendors & Products: Jdx; Jdx mise

Fri, 26 Jun 2026 19:30:00 +0000

Values added:
  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 17:30:00 +0000

Values added:
  • Description: as given at the top of this page.
  • Title: mise: Arbitrary command execution via task-include files in an untrusted, config-less repository
  • Weaknesses: CWE-732, CWE-78, CWE-94
  • References
  • Metrics (cvssV3_1): {'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-26T18:41:26.486Z

Reserved: 2026-06-16T21:59:57.017Z

Link: CVE-2026-55441

Vulnrichment

Updated: 2026-06-26T18:14:27.698Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T23:15:08Z

Weaknesses
  • CWE-732: Incorrect Permission Assignment for Critical Resource
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • CWE-94: Improper Control of Generation of Code ('Code Injection')