Threat Feed
high advisory

Mise Trust Bypass Vulnerability via Malicious .mise.toml

A vulnerability in mise allows an attacker who can place a malicious .mise.toml file in a repository to bypass trust checks and execute arbitrary code via `[env] _.source` due to improper loading of trust settings.

A high-severity vulnerability exists in mise versions 2026.2.18 through 2026.4.5: the `[settings]` table of a project-local configuration file (.mise.toml) is applied before the file's trust status is checked. An attacker who can influence a repository's contents (for example through a pull request or a direct commit) can therefore ship a .mise.toml that sets `trusted_config_paths = ["/"]`, which marks every configuration file on the machine, including the malicious one, as trusted. Once trusted, the file's dangerous directives take effect, among them `[env] _.source`, which runs an attacker-supplied shell script whenever mise loads the project environment. The bug subverts the trust prompt mise relies on to keep untrusted project files from executing code on the user's machine.

Attack Chain

  1. An attacker gains the ability to modify a repository containing a mise project. This could be via a compromised account, a malicious pull request, or other means.
  2. The attacker creates or modifies a .mise.toml file within the repository, adding the following lines:
    [settings]
    trusted_config_paths = ["/"]
    
    [env]
    _.source = ["./poc.sh"]
    
  3. The attacker creates or modifies a file poc.sh containing the malicious commands to be executed. For example:
    #!/usr/bin/env bash
    echo "Exploited!" > /tmp/pwned.txt
    
  4. A user clones the repository and navigates to the project directory.
  5. The user runs mise hook-env -s bash --force, the command that evaluates the .mise.toml configuration and emits the environment for the shell. A shell set up with mise activate calls mise hook-env on its own at each prompt and directory change, so a user with activation in their shell rc triggers this step simply by cd'ing into the clone.
  6. Because the [settings] table is read before the trust check runs, trusted_config_paths = ["/"] makes the malicious .mise.toml count as trusted, and the [env] _.source directive is honored instead of being refused.
  7. The poc.sh script is executed, resulting in arbitrary code execution. In this example, the /tmp/pwned.txt file is created containing “Exploited!”.
  8. The attacker has achieved arbitrary code execution on the user’s system.
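The attack chain above is what a pre-flight check on a fresh clone should catch: a project-level config that declares trusted_config_paths for itself, and an [env] _.source entry that names a script to run. The following is an added example of such a check, written for this page and not part of mise; it uses only the standard library (tomllib, Python 3.11+), embeds the advisory's PoC config as a constructed sample, and the list of config file names it scans is an illustrative assumption rather than mise's full lookup order.

```python
"""Audit a checkout's mise config files for the trust-bypass pattern
(a project file that widens trusted_config_paths and sources a script)
before running any mise command inside it. Added example, not mise code."""
import sys
from pathlib import Path

try:
    import tomllib  # Python 3.11+
except ImportError:  # pragma: no cover
    import tomli as tomllib  # type: ignore

# Assumption: project-level config file names to look at. mise reads several
# names; this list covers the common ones and is illustrative only.
CONFIG_NAMES = (".mise.toml", "mise.toml", ".mise.local.toml", "mise.local.toml")

# Constructed sample: the malicious config from the attack chain on this page.
POC_CONFIG = """\
[settings]
trusted_config_paths = ["/"]

[env]
_.source = ["./poc.sh"]
"""


def _as_list(value):
    """These TOML values may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def audit_config(text: str, source: str = "<inline>") -> list[str]:
    """Return human-readable findings for the contents of one mise config file."""
    try:
        data = tomllib.loads(text)
    except tomllib.TOMLDecodeError as exc:
        return [f"{source}: not valid TOML ({exc})"]
    findings: list[str] = []

    # 1. trusted_config_paths belongs in the user's global settings. A project
    #    file declaring it is trying to trust itself; "/" or a home directory
    #    would trust every config on the machine.
    settings = data.get("settings")
    if isinstance(settings, dict) and "trusted_config_paths" in settings:
        paths = [str(p) for p in _as_list(settings["trusted_config_paths"])]
        broad = [p for p in paths if p.rstrip("/") in ("", "~")]
        level = "CRITICAL" if broad else "WARN"
        findings.append(
            f"{source}: {level} project file sets settings.trusted_config_paths = {paths}"
        )

    # 2. env._.source executes a shell script whenever the environment is
    #    loaded (e.g. by `mise hook-env`). Flag every script it names.
    env = data.get("env")
    for table in (_as_list(env) if env is not None else []):
        if not isinstance(table, dict):
            continue
        directive = table.get("_")
        if isinstance(directive, dict) and directive.get("source"):
            scripts = [str(s) for s in _as_list(directive["source"])]
            findings.append(
                f"{source}: WARN env._.source will execute {scripts} on environment load"
            )
    return findings


def audit_repo(root: Path) -> list[str]:
    """Audit every known config file name at the root of a checkout."""
    findings: list[str] = []
    for name in CONFIG_NAMES:
        path = root / name
        if path.is_file():
            findings.extend(audit_config(path.read_text(encoding="utf-8"), str(path)))
    return findings


if __name__ == "__main__":
    # Usage: python audit_mise.py /path/to/clone   (no argument: audit the sample)
    if len(sys.argv) > 1:
        results = audit_repo(Path(sys.argv[1]))
    else:
        results = audit_config(POC_CONFIG, ".mise.toml (constructed sample)")
    print("\n".join(results) or "no findings")
    sys.exit(1 if results else 0)
```

Run it against a clone before the first mise command (or wire it into a pre-clone hook in CI); a non-zero exit means the checkout declares its own trust paths or sources a script, and both deserve a human look regardless of mise version.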

Impact

Successful exploitation gives the attacker arbitrary code execution on the victim's machine with the privileges of the user who ran mise. Anyone who clones a repository containing the malicious .mise.toml and loads its environment with a vulnerable mise (2026.2.18 through 2026.4.5) is affected, so the victim population scales with the repository's audience. The impact depends on what the attacker's script does and ranges from data theft to full compromise of the host; organizations that standardize on mise for developer environments and CI are particularly exposed.

Recommendation

  • Upgrade mise to a release later than 2026.4.5, which addresses CVE-2026-35533.
  • Deploy the Sigma rule Detect Mise Hook-Env with Dot Source to surface mise hook-env executions that may be exploitation attempts.
  • Monitor for the creation of unexpected files (e.g., in /tmp) following mise hook-env executions.
  • Treat .mise.toml changes in pull requests like changes to CI configuration: review any [settings] table (trusted_config_paths in particular) and any [env] _.source entry before merging.

Detection coverage (2 rules)

Detect Mise Hook-Env with Dot Source

high

Detects the execution of `mise hook-env` where the .mise.toml in use carries a potentially malicious `_.source` directive, indicating a possible trust bypass attempt.

Sigma rule. Tactic: Execution. Technique: T1204.002 (User Execution: Malicious File). Log source: process_creation, linux.

Detect Suspicious File Creation by Mise

medium

Detects suspicious file creation, such as in /tmp, by the mise process, which could indicate arbitrary code execution following a trust bypass.

Sigma rule. Tactic: Execution. Technique: T1059.004 (Command and Scripting Interpreter: Unix Shell). Log source: file_event, linux.
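To show what the two rules above amount to once they are run against telemetry, here is an added example that implements both over a handful of constructed log events and correlates them. It is written for this page, not the platform's Sigma queries; the event schema (type, ts, pid, ppid, image, parent_image, cmdline, path, cwd) and the child command line are assumptions for the example, and the file_event rule is widened to also match a shell that mise spawned, since the sourced script runs in a child process.

```python
"""Two detections from the advisory over constructed sample events, plus a
correlation that pairs a hook-env run with /tmp writes from its process tree.
Added example; the event schema is an assumption, not a sensor's real format."""
from datetime import datetime, timedelta
from os.path import basename

# Constructed sample telemetry: one mise hook-env run whose sourced script
# writes /tmp/pwned.txt from a bash child, plus benign noise. The child's
# cmdline is made up for the example.
SAMPLE_EVENTS = [
    {"type": "process_creation", "ts": "2026-04-10T10:00:00", "pid": 4242, "ppid": 4000,
     "image": "/usr/local/bin/mise", "parent_image": "/bin/bash",
     "cmdline": "mise hook-env -s bash --force", "cwd": "/home/dev/repo"},
    {"type": "process_creation", "ts": "2026-04-10T10:00:01", "pid": 4243, "ppid": 4242,
     "image": "/bin/bash", "parent_image": "/usr/local/bin/mise",
     "cmdline": "bash -c '. ./poc.sh'", "cwd": "/home/dev/repo"},
    {"type": "file_event", "ts": "2026-04-10T10:00:01", "pid": 4243, "ppid": 4242,
     "image": "/bin/bash", "parent_image": "/usr/local/bin/mise", "path": "/tmp/pwned.txt"},
    {"type": "process_creation", "ts": "2026-04-10T10:05:00", "pid": 4300, "ppid": 4000,
     "image": "/usr/local/bin/mise", "parent_image": "/bin/bash",
     "cmdline": "mise install node@20", "cwd": "/home/dev/repo"},
    {"type": "file_event", "ts": "2026-04-10T10:30:00", "pid": 4400, "ppid": 4000,
     "image": "/usr/bin/vim", "parent_image": "/bin/bash", "path": "/tmp/vim.swp"},
]


def rule_hook_env(ev: dict) -> bool:
    """Detect Mise Hook-Env with Dot Source (process_creation): mise run with hook-env."""
    return (ev["type"] == "process_creation"
            and basename(ev["image"]) == "mise"
            and "hook-env" in ev["cmdline"].split())


def rule_tmp_file_by_mise(ev: dict) -> bool:
    """Detect Suspicious File Creation by Mise (file_event): a file created under
    /tmp by mise, or by a process mise spawned (the sourced script runs in a shell)."""
    return (ev["type"] == "file_event"
            and ev["path"].startswith("/tmp/")
            and "mise" in (basename(ev["image"]), basename(ev["parent_image"])))


def correlate(events: list[dict], window: timedelta = timedelta(seconds=60)) -> list[dict]:
    """Pair each hook-env run with /tmp writes from its own process tree inside
    the window. The pair is the strongest signal the advisory describes."""
    hooks = [e for e in events if rule_hook_env(e)]
    writes = [e for e in events if rule_tmp_file_by_mise(e)]
    alerts = []
    for h in hooks:
        t0 = datetime.fromisoformat(h["ts"])
        for w in writes:
            same_tree = w["pid"] == h["pid"] or w["ppid"] == h["pid"]
            delta = datetime.fromisoformat(w["ts"]) - t0
            if same_tree and timedelta(0) <= delta <= window:
                alerts.append({"severity": "high", "hook_pid": h["pid"],
                               "cwd": h["cwd"], "path": w["path"]})
    return alerts


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        if rule_hook_env(ev):
            print("hook-env rule:", ev["cmdline"])
        if rule_tmp_file_by_mise(ev):
            print("tmp-file rule:", ev["path"])
    for a in correlate(SAMPLE_EVENTS):
        print("correlated alert:", a)
```

The hook-env rule alone fires on every legitimate shell activation, so on its own it is a hunting query rather than an alert; the correlation with a /tmp write from the same process tree is what lifts it to high confidence, and the project directory in the alert is what to send the responder to.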

Detection queries are kept inside the platform.