crates.io/mise — 5 CVEs

CRITICAL9.6CVE-2026-33646Mise Vulnerable to Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)

from 0, < 2026.3.10

HIGH8.6CVE-2026-55441Mise vulnerable to arbitrary command execution via task-include files in an untrusted, config-less repository

from 0, < 2026.6.4

HIGH7.7CVE-2026-35533Local settings bypass config trust checks

>= 2026.2.18, <= 2026.4.5

MEDIUM6.3Mise's local credential_command executes untrusted config

>= 2026.3.15, < 2026.6.4

MEDIUM5.5mise HTTP backend uses raw version path for install symlink destination

from 0, < 2026.6.1

pkg:crates.io/mise