CVE-2026-33646
Deferred Deferred - Pending Action

Arbitrary Command Execution in mise via Malicious .tool-versions File

Vulnerability report for CVE-2026-33646, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-29

Assigner: GitHub, Inc.

Description

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec() function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not subject to trust verification in non-paranoid mode. This means an attacker can place a malicious .tool-versions file in a git repository, and when a victim with mise activated cds into the directory, arbitrary commands execute without any trust prompt. This vulnerability is fixed in 2026.3.10.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-29
Generated
2026-07-17
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-33646 is a critical vulnerability in the mise tool versions before 2026.3.10 that allows arbitrary code execution. The issue occurs because mise processes .tool-versions files using the Tera template engine, which includes the exec() function for command execution. Unlike .mise.toml files, .tool-versions files do not undergo trust verification in non-paranoid mode.

An attacker can place a malicious .tool-versions file containing Tera template syntax with embedded commands in a git repository. When a victim with mise activated enters the directory, the shell hook automatically parses and executes these commands silently without any user prompt, granting the attacker full user privileges.

This vulnerability enables silent remote code execution (RCE) with no user interaction, making it a severe supply chain attack vector.

Detection Guidance

This vulnerability involves the mise tool processing .tool-versions files through the Tera template engine with the exec() function enabled, allowing arbitrary command execution when a user enters a directory containing a malicious .tool-versions file.

To detect if your system is vulnerable, you should check the version of mise installed and whether it is prior to 2026.3.10, as versions before this are affected.

Additionally, you can inspect .tool-versions files in your git repositories or directories you access with mise activated for suspicious Tera template syntax, especially any usage of exec() or embedded commands.

While no specific detection commands are provided, you can use commands like the following to check your mise version and search for suspicious patterns:

  • Check mise version: `mise --version`
  • Search for suspicious Tera template syntax in .tool-versions files: `grep -r '{{.*exec.*}}' /path/to/your/projects`
  • Audit recently accessed directories for .tool-versions files containing template code: `find /path/to/your/projects -name '.tool-versions' -exec grep -H '{{' {} \;`

Monitoring for unexpected command executions or unusual process activity when changing directories with mise activated may also help detect exploitation attempts.

Impact Analysis

This vulnerability can have severe impacts including arbitrary command execution on your system with your user privileges when you enter a directory containing a malicious .tool-versions file.

Because the commands execute silently and automatically, attackers can steal credentials, tokens, or escalate privileges without your knowledge.

It poses a high risk to confidentiality, integrity, and availability of your system and data, as reflected by its critical CVSS score of 9.6.

Compliance Impact

This vulnerability allows arbitrary command execution with the victim's full environment, including credentials and tokens, which can lead to credential theft and privilege escalation.

Such unauthorized access and potential data compromise can negatively impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and user credentials.

Because the vulnerability enables silent remote code execution without user interaction, it poses a severe risk to confidentiality, integrity, and availability of data, all of which are critical aspects of these regulations.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade mise to version 2026.3.10 or later, where the issue is fixed.

The fix involves adding trust checks to the parsing of .tool-versions files, removing the exec() function from the Tera template context, or eliminating Tera processing for .tool-versions files entirely.

Until you can upgrade, avoid cds into directories containing untrusted .tool-versions files, especially those from git repositories, to prevent arbitrary command execution.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33646. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart