Vendor
A critical vulnerability (CVE-2026-33646) in Mise allows for arbitrary code execution on victim machines via malicious `.tool-versions` files containing Tera template syntax, which are processed without trust verification, enabling silent supply chain attacks upon directory entry.