CVE-2026-33646: Mise Vulnerable to Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)

June 22, 2026

Mise processes .tool-versions files through the Tera template engine during parsing, with the exec() function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not subject to trust verification in non-paranoid mode. This means an attacker can place a malicious .tool-versions file in a git repository, and when a victim with mise activated cds into the directory, arbitrary commands execute without any trust prompt.

References

github.com/advisories/GHSA-fjj5-v948-whjj
github.com/jdx/mise/security/advisories/GHSA-fjj5-v948-whjj
nvd.nist.gov/vuln/detail/CVE-2026-33646

Code Behaviors & Features

Detect and mitigate CVE-2026-33646 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →