Impact
The vulnerability in mise causes the program to load the github.credential_command value from a local .mise.toml file before it evaluates any trust policy, and then to execute that value with sh -c. An attacker who can commit a .mise.toml to a repository can therefore make a victim run arbitrary shell commands whenever the victim invokes a GitHub-related mise command in that checkout, unless the victim has set a GitHub token environment variable, which takes precedence over the credential command. The weakness is classified as OS command injection (CWE-78); in practice it gives the attacker arbitrary code execution on the victim's system with the victim's privileges.
Affected Systems
The affected product is mise, the development-tool manager from the vendor jdx. Versions 2026.3.15 through 2026.6.3 are vulnerable. The issue is fixed in mise 2026.6.4; installations at that version or later are not affected.
Risk and Exploitability
The CVSS score is 6.3, which falls in the Medium severity band. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. Because the flaw requires an attacker to place a configuration file in a repository the victim works in, and the victim then to run a GitHub-related mise command from that checkout, exploitation is limited to environments where both conditions hold. No exploits have been reported, but the attack vector is plausible for developers who clone or work with untrusted repositories, since cloning is all it takes to put the attacker's .mise.toml in place.
OpenCVE Enrichment
GitHub GHSA