CVE-2026-55441
Rust Vulnerability Analysis and Mitigation

Overview

CVE-2026-55441 is an arbitrary command execution vulnerability in mise (the polyglot dev tool manager) that allows attackers to execute OS commands without any trust prompt by placing malicious Tera template expressions in task-include files within a repository. The vulnerability affects all mise versions prior to 2026.6.4 (Rust/cargo package by jdx). It was first published on June 12, 2026, and added to the GitHub Advisory Database on June 23, 2026. It carries a CVSS v3.1 base score of 8.6 (High) (GitHub Advisory, mise Advisory).

Technical details

The root cause is that mise's trust enforcement (trust_check) is applied only during config-file parsing (mise.toml, .tool-versions, env templates), but task-include directories (mise-tasks/, .mise/tasks/, .mise-tasks/, etc.) are loaded via a separate code path (load_tasks_in_dir / load_local_tasks_with_context) that never calls trust_check. When no config file exists in a directory, mise falls back to default_task_includes() and loads any TOML task files found, immediately rendering their Tera template fields via Task::render. The Tera environment is initialized by get_tera() (src/tera.rs:407), which registers the exec() function unconditionally — not gated by the experimental flag. A {{ exec(command='...') }} expression embedded in any rendered task field (description, dir, shell, sources, aliases, depends, tools, etc.) executes arbitrary OS commands the moment tasks are merely listed. This is classified as CWE-78 (OS Command Injection), CWE-94 (Code Injection), and CWE-732 (Incorrect Permission Assignment for Critical Resource) (GitHub Advisory, mise Advisory).

Impact

Successful exploitation results in arbitrary command execution under the victim's user account with high confidentiality, integrity, and availability impact and a changed scope, meaning the attacker can affect resources beyond the vulnerable component itself. Because execution is triggered by read-only operations (mise tasks, mise task ls, mise run, mise tasks --usage, or even Tab-completion in a shell with mise activate), a developer who simply clones a malicious repository and navigates into it can have commands silently executed without any warning or prompt. This enables credential theft, data exfiltration, installation of backdoors, or lateral movement within a developer's environment (GitHub Advisory).

Exploitation steps

  1. Craft malicious repository: Create a repository with a mise-tasks/ directory but no mise.toml or .tool-versions config file, ensuring the trust-check bypass condition is met.
  2. Embed payload in task file: Create mise-tasks/ci.toml with a Tera exec() expression in any rendered field, e.g.:

     [test]
     description = "{{ exec(command='id > /tmp/mise_clone_proof.txt; hostname >> /tmp/mise_clone_proof.txt') }}"
     run = "cargo test"

  3. Distribute the repository: Publish the repository publicly (e.g., on GitHub) or share it via any channel where a developer with mise installed might clone it.
  4. Wait for victim interaction: The victim clones the repository and changes directory into it. No further action is required if the victim has mise activate configured in their shell — pressing Tab to complete a task name triggers the payload. Alternatively, any of the following commands trigger execution: mise tasks, mise task ls, mise run, or mise tasks --usage.
  5. Achieve code execution: mise loads the task-include directory without a trust check, renders the Tera template via Task::render, and the exec() function runs the embedded OS command under the victim's user account (GitHub Advisory, mise Advisory).

Indicators of compromise

  • File System: Unexpected files created in /tmp/ or other writable directories (e.g., /tmp/mise_clone_proof.txt) immediately after running mise tasks or related commands; new scripts, cron jobs, or SSH authorized_keys modifications attributable to the user's session.
  • Process: Unusual child processes spawned by the mise process (e.g., sh, bash, curl, wget, python, nc) visible in process trees; processes executing shortly after mise tasks or shell Tab-completion events.
  • Logs: Shell history entries showing mise tasks, mise task ls, mise run, or mise tasks --usage executed in an unfamiliar or recently cloned repository directory; audit logs (auditd) recording unexpected execve syscalls originating from the mise process.
  • Network: Outbound connections to unexpected external hosts initiated by the mise process or its children, particularly following task-listing commands (GitHub Advisory).

Mitigation and workarounds

Upgrade mise to version 2026.6.4 or later, which is the patched release that addresses this vulnerability by applying trust checks to task-include file loading paths (GitHub Advisory, mise Advisory). As a workaround prior to patching, avoid running any mise task-listing commands (mise tasks, mise task ls, mise run, mise tasks --usage) or using Tab-completion in repositories you do not fully trust. Additionally, disable mise activate in your shell profile when working with untrusted repositories to prevent automatic task loading on directory change. Review any recently cloned repositories for the presence of mise-tasks/, .mise/tasks/, .mise-tasks/, .config/mise/tasks/, or mise/tasks/ directories containing TOML files with Tera template syntax.
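The repository review recommended above can be scripted. The following is an added example, not code from mise or from the advisory: a hypothetical pre-trust scanner that walks the task-include directories named in this report, pattern-matches any Tera expression that calls exec() in the TOML files it finds, and reports whether a trust-checked config file (mise.toml or .tool-versions) is present, so a repository matching the bypass condition can be spotted before any mise task command is run in it. The sample repository it builds is constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Task-include directories mise falls back to when no config file is present (named in the advisory).
TASK_INCLUDE_DIRS = ("mise-tasks", ".mise/tasks", ".mise-tasks", ".config/mise/tasks", "mise/tasks")
CONFIG_FILES = ("mise.toml", ".tool-versions")

# Heuristic: a Tera expression block {{ ... }} that calls exec( ... ). Matching raw text instead of
# parsed TOML means a deliberately malformed task file is still inspected.
EXEC_TEMPLATE = re.compile(r"\{\{[^}]*\bexec\s*\([^}]*\}\}")


def find_exec_templates(text: str) -> list[str]:
    """Return every Tera expression in `text` that invokes exec()."""
    return EXEC_TEMPLATE.findall(text)


def scan_repo(repo: Path) -> dict:
    """Report exec() templates in task-include files and whether a trust-checked config exists.

    Findings together with has_config == False match the advisory's bypass condition: the task
    files would be rendered without any trust prompt on `mise tasks` or shell Tab-completion.
    """
    findings = []
    for rel in TASK_INCLUDE_DIRS:
        task_dir = repo / rel
        if not task_dir.is_dir():
            continue
        for path in sorted(task_dir.rglob("*.toml")):
            for expr in find_exec_templates(path.read_text(errors="replace")):
                findings.append((path.relative_to(repo).as_posix(), expr))
    return {"has_config": any((repo / c).exists() for c in CONFIG_FILES), "findings": findings}


def demo() -> dict:
    """Build a constructed sample repository (not real data) with no config file and scan it."""
    repo = Path(tempfile.mkdtemp())
    tasks = repo / "mise-tasks"
    tasks.mkdir()
    # Constructed task file: one benign template, one exec() call in a rendered field.
    (tasks / "ci.toml").write_text(
        '[lint]\ndescription = "Lint {{ config_root }}"\nrun = "cargo clippy"\n\n'
        '[test]\ndescription = "{{ exec(command=\'id\') }}"\nrun = "cargo test"\n'
    )
    return scan_repo(repo)


if __name__ == "__main__":
    result = demo()
    print("trust-checked config present:", result["has_config"])
    for path, expr in result["findings"]:
        print(f"{path}: {expr}")
```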

Community reactions

The vulnerability was reported by security researcher 0xzap and published by the jdx/mise maintainers on June 12, 2026, with the GitHub Advisory Database entry updated on June 23, 2026. The advisory includes a detailed proof-of-concept and thorough code-level analysis, indicating responsible disclosure. No broader media coverage or notable social media reactions have been identified at this time (GitHub Advisory, mise Advisory).

Additional resources

Source: This report was generated using artificial intelligence.
