Tag
high
advisory
Coder SSH Config Injection Vulnerability (CVE-2026-55427)
1 TTPA malicious or compromised Coder server can exploit CVE-2026-55427 to inject unsanitized SSH configuration values via `coder config-ssh` into developer workstations, enabling arbitrary code execution on client machines.
Coder +3
ssh
configuration-injection
rce
supply-chain
developer-tools
vulnerability
1t
critical
advisory
Mise Vulnerable to Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)
1 rule 5 TTPs 1 CVEA critical vulnerability (CVE-2026-33646) in Mise allows for arbitrary code execution on victim machines via malicious `.tool-versions` files containing Tera template syntax, which are processed without trust verification, enabling silent supply chain attacks upon directory entry.
mise
rce
supply-chain
trust-bypass
code-execution
developer-tools
cve
1r
5t
1c