CVE-2026-55448
Published 2026-06-26
Priority: P3 · 35 · Severity: medium · CVSS 3.1 base score: 6.3
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS: 0.16% (5.4th percentile)
mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a repository can execute arbitrary shell commands when the victim runs a GitHub-related mise command and no higher-priority GitHub token environment variable is set. This vulnerability is fixed in 2026.6.4.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jdx | mise | < 2026.6.4 | 2026.6.4 |
VulDB
CVE-2026-55448 [MEDIUM] jdx mise up to 2026.6.3 Environment Variable mise.toml OS command injection
vuldb · 2026-06-26 · CVSS 6.3
A vulnerability was found in jdx mise up to 2026.6.3. It has been declared as critical. Impacted is an unknown function of the file mise.toml of the component Environment Variable Handler. Such manipulation leads to OS command injection.
This vulnerability is traded as CVE-2026-55448. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
GHSA
CVE-2026-55448 [MEDIUM] CWE-78 Mise's local credential_command executes untrusted config
ghsa · 2026-06-23
### Summary
`mise` loads `github.credential_command` from local project config before any trust decision, then executes that value with `sh -c` when resolving a GitHub token. An attacker who can place a `.mise.toml` in a repository can execute arbitrary shell commands when the victim runs a GitHub-related mise command and no higher-priority GitHub token environment variable is set.
The current command-execution path is `github.credential_command`. I confirmed in Docker that the setting is exploitable on `v2026.3.15` and `v2026.3.17`, while `v2026.3.14` rejects it as an unknown field. This report does not depend on the separate trust-bypass issue because the sink is reached directly from `[settings.github]`.
### Details
The vuln
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-06-26