mise Trust Bypass Vulnerability Allowing Execution of Arbitrary Directives

Vulnerability

A vulnerability exists in the 'mise' tool, which manages development utilities such as Node.js, Python, CMake, and Terraform. Versions 2026.2.18 through 2026.4.5 are affected. The issue arises because 'mise' reads trust-control settings from a local project file, '.mise.toml', before it has verified whether that file is trusted. As a result, an attacker who can place a malicious '.mise.toml' in a repository can make the file declare itself trusted, unlocking trust-gated directives such as '[env] _.source', templates, hooks, or tasks.

Impact

Exploitation of this vulnerability allows an attacker to manipulate 'mise' into trusting and executing dangerous directives from an untrusted configuration file. This was demonstrated by executing a script through the '[env] _.source' directive during a 'mise hook-env' command, bypassing the intended trust protections.

Reproduction

The vulnerability can be reproduced by creating a '.mise.toml' file with a '[settings]' section that includes 'trusted_config_paths' set to ['/']. This file should be placed in a repository. When 'mise hook-env' is executed, the tool will trust the untrusted project configuration and execute any specified scripts, such as one that writes to a proof file.

Remediation

Users are advised to remove or modify any 'trusted_config_paths' settings in local project configuration files to prevent this trust bypass. Additionally, 'mise' should be updated to a version where this vulnerability is addressed.

Added: Apr 7, 2026, 10:08 PM
Updated: Apr 7, 2026, 10:08 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          7.5
  exploitability  5.8
  remediation     0.0
  relevance       5.4
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.