2 matches found
CVE-2026-55448
mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credentialcommand from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a...
CVE-2026-55448
CVE-2026-55448 is confirmed across multiple sources as a local command-exécution vulnerability in the mise tool. An attacker who can place a repository-local .mise.toml can have mise load github.credential_command from local project config and execute its value via sh -c when resolving a GitHub t...