2 matches found
CVE-2026-55441 mise: Arbitrary command execution via task-include files in an untrusted, config-less repository
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/,...
PT-2026-51640
Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.6.4 Description A flaw in the trust mechanism allows arbitrary command execution when a directory contains task-include directories such as mise-tasks/, .mise/tasks/, etc. but lacks a configuration file. In this...