{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/mise/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["mise","trust-bypass","code-execution","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical vulnerability exists in the mise tool (versions 2026.2.18 through 2026.4.5) where local project configuration files (.mise.toml) are loaded \u003cem\u003ebefore\u003c/em\u003e trust checks are performed. This allows an attacker who can influence the contents of a repository (e.g., through a pull request or direct commit) to inject malicious configurations that bypass intended trust restrictions. Specifically, an attacker can set \u003ccode\u003etrusted_config_paths = [\u0026quot;/\u0026quot;]\u003c/code\u003e within a crafted .mise.toml, which effectively trusts all configuration files, including the malicious one. This bypass then permits the execution of dangerous directives, such as arbitrary shell commands via \u003ccode\u003e[env] _.source\u003c/code\u003e, leading to potential system compromise. This vulnerability undermines the security model of mise by subverting the trust mechanism designed to prevent unauthorized code execution.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains the ability to modify a repository containing a mise project. This could be via a compromised account, a malicious pull request, or other means.\u003c/li\u003e\n\u003cli\u003eThe attacker creates or modifies a \u003ccode\u003e.mise.toml\u003c/code\u003e file within the repository, adding the following lines:\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" class=\"chroma\"\u003e\u003ccode class=\"language-toml\" data-lang=\"toml\"\u003e\u003cspan class=\"line\"\u003e\u003cspan class=\"cl\"\u003e\u003cspan class=\"p\"\u003e[\u003c/span\u003e\u003cspan class=\"nx\"\u003esettings\u003c/span\u003e\u003cspan class=\"p\"\u003e]\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan class=\"line\"\u003e\u003cspan class=\"cl\"\u003e\u003cspan class=\"nx\"\u003etrusted_config_paths\u003c/span\u003e \u003cspan class=\"p\"\u003e=\u003c/span\u003e \u003cspan class=\"p\"\u003e[\u003c/span\u003e\u003cspan class=\"s2\"\u003e\u0026#34;/\u0026#34;\u003c/span\u003e\u003cspan class=\"p\"\u003e]\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan class=\"line\"\u003e\u003cspan class=\"cl\"\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan class=\"line\"\u003e\u003cspan class=\"cl\"\u003e\u003cspan class=\"p\"\u003e[\u003c/span\u003e\u003cspan class=\"nx\"\u003eenv\u003c/span\u003e\u003cspan class=\"p\"\u003e]\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan class=\"line\"\u003e\u003cspan class=\"cl\"\u003e\u003cspan class=\"nx\"\u003e_\u003c/span\u003e\u003cspan class=\"p\"\u003e.\u003c/span\u003e\u003cspan class=\"nx\"\u003esource\u003c/span\u003e \u003cspan class=\"p\"\u003e=\u003c/span\u003e \u003cspan class=\"p\"\u003e[\u003c/span\u003e\u003cspan class=\"s2\"\u003e\u0026#34;./poc.sh\u0026#34;\u003c/span\u003e\u003cspan class=\"p\"\u003e]\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003c/li\u003e\n\u003cli\u003eThe attacker creates or modifies a file \u003ccode\u003epoc.sh\u003c/code\u003e containing the malicious commands to be executed. For example:\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" class=\"chroma\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan class=\"line\"\u003e\u003cspan class=\"cl\"\u003e\u003cspan class=\"cp\"\u003e#!/usr/bin/env bash\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan class=\"line\"\u003e\u003cspan class=\"cl\"\u003e\u003cspan class=\"nb\"\u003eecho\u003c/span\u003e \u003cspan class=\"s2\"\u003e\u0026#34;Exploited!\u0026#34;\u003c/span\u003e \u0026gt; /tmp/pwned.txt\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003c/li\u003e\n\u003cli\u003eA user clones the repository and navigates to the project directory.\u003c/li\u003e\n\u003cli\u003eThe user executes the command \u003ccode\u003emise hook-env -s bash --force\u003c/code\u003e. This command is intended to set up the environment based on the \u003ccode\u003e.mise.toml\u003c/code\u003e configuration.\u003c/li\u003e\n\u003cli\u003eBecause \u003ccode\u003etrusted_config_paths\u003c/code\u003e is set to \u003ccode\u003e/\u003c/code\u003e, the \u003ccode\u003e.mise.toml\u003c/code\u003e file is considered trusted and the \u003ccode\u003e[env] _.source\u003c/code\u003e directive is executed.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003epoc.sh\u003c/code\u003e script is executed, resulting in arbitrary code execution. In this example, the \u003ccode\u003e/tmp/pwned.txt\u003c/code\u003e file is created containing \u0026ldquo;Exploited!\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eThe attacker has achieved arbitrary code execution on the user\u0026rsquo;s system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker to execute arbitrary code on the victim\u0026rsquo;s machine. The number of potential victims is equal to the number of users who clone and use a repository containing the malicious \u003ccode\u003e.mise.toml\u003c/code\u003e file and are using a vulnerable version of \u003ccode\u003emise\u003c/code\u003e (2026.2.18 - 2026.4.5). The impact ranges from data theft and system compromise to complete control of the affected system, depending on the commands executed by the attacker\u0026rsquo;s script. Organizations using mise for environment management are particularly at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of \u003ccode\u003emise\u003c/code\u003e greater than 2026.4.5 to address CVE-2026-35533.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Mise Hook-Env with Dot Source\u003c/code\u003e to identify potential exploitation attempts based on the \u003ccode\u003emise hook-env\u003c/code\u003e command.\u003c/li\u003e\n\u003cli\u003eMonitor for the creation of unexpected files (e.g., in /tmp) after the execution of \u003ccode\u003emise hook-env\u003c/code\u003e commands.\u003c/li\u003e\n\u003cli\u003eImplement code review processes to prevent the introduction of malicious \u003ccode\u003e.mise.toml\u003c/code\u003e files into repositories.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T20:13:11Z","date_published":"2026-04-07T20:13:11Z","id":"/briefs/2026-04-mise-trust-bypass/","summary":"A vulnerability in mise allows an attacker who can place a malicious .mise.toml file in a repository to bypass trust checks and execute arbitrary code via `[env] _.source` due to improper loading of trust settings.","title":"Mise Trust Bypass Vulnerability via Malicious .mise.toml","url":"https://feed.craftedsignal.io/briefs/2026-04-mise-trust-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Mise","version":"https://jsonfeed.org/version/1.1"}