mise
crates.io5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting misepage 1 of 1
- CVE-2026-33646CRITICALCVSS 9.6EG 9.6✓ Fixed in 2026.3.102026-06-22
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec() function registered, enabling arbitrary command execut…
- CVE-2026-35533HIGHCVSS 7.7EG 7.7✓ Fixed in 2026.6.42026-04-07
mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.tom…
- CVE-2026-54557MEDIUMCVSS 5.5EG 5.5✓ Fixed in 2026.6.12026-06-23
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the…
- CVE-2026-55441HIGHCVSS 8.6EG 8.6✓ Fixed in 2026.6.42026-06-23
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include files are loaded on a path that never reaches it. …
- CVE-2026-55448MEDIUMCVSS 6.3EG 6.3✓ Fixed in 2026.6.42026-06-23
mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes that value with sh -c when resolving a G…
Check whether mise is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for mise CVEs against the assets you own.
Start Free Scan →