EXECUTIVE SUMMARY:
CVE-2026-33646 with a CVSS score of 9.6 is a critical arbitrary code execution flaw in the rust/mise tool (versions prior to 2026.3.10) that arises from the way the program parses .tool-versions files using the Tera template engine. The parser registers the exec() function without any trust verification, allowing any Tera expression in the file to invoke a shell command. An attacker who can place a malicious .tool-versions file in a repository can trigger the vulnerability simply by a victim cloning the repo and entering the directory while mise is activated (e.g., via eval "$(mise activate zsh)"). The hook‑env script automatically loads the file, the engine renders the template, and the exec() call runs the attacker‑supplied command as the logged‑in user, inheriting the full environment—including credentials, tokens, or SSH agents. Successful exploitation yields remote code execution with the victim’s privileges, enabling data exfiltration, credential theft, or further lateral movement. Exploitation requires only non‑paranoid mode (the default) and the ability to influence the .tool-versions content; no additional network access or elevated privileges are needed.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
CVE-2026-33646 with a CVSS score of 9.6 is a critical arbitrary code execution flaw in the rust/mise tool (versions prior to 2026.3.10) that arises from the way the program parses .tool-versions files using the Tera template engine. The parser registers the exec() function without any trust verification, allowing any Tera expression in the file to invoke a shell command. An attacker who can place a malicious .tool-versions file in a repository can trigger the vulnerability simply by a victim cloning the repo and entering the directory while mise is activated (e.g., via eval "$(mise activate zsh)"). The hook‑env script automatically loads the file, the engine renders the template, and the exec() call runs the attacker‑supplied command as the logged‑in user, inheriting the full environment—including credentials, tokens, or SSH agents. Successful exploitation yields remote code execution with the victim’s privileges, enabling data exfiltration, credential theft, or further lateral movement. Exploitation requires only non‑paranoid mode (the default) and the ability to influence the .tool-versions content; no additional network access or elevated privileges are needed.[emaillocker id="1283"]
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-fjj5-v948-whjj