CVE-2026-35533 Overview
CVE-2026-35533 is a high-severity improper access control vulnerability in mise, a development tool manager that handles tools like node, python, cmake, and terraform. The vulnerability exists in versions 2026.2.18 through 2026.4.5, where mise loads trust-control settings from a local project .mise.toml file before the trust check runs. This design flaw allows an attacker who can place a malicious .mise.toml in a repository to make that same file appear trusted, subsequently enabling access to dangerous directives such as [env] _.source, templates, hooks, or tasks.
Critical Impact
An attacker can bypass trust controls to execute arbitrary code through malicious configuration directives, potentially compromising developer machines and CI/CD environments.
Affected Products
- mise versions 2026.2.18 through 2026.4.5
Discovery Timeline
- 2026-04-07 - CVE-2026-35533 published to NVD
- 2026-04-08 - Last updated in NVD database
Technical Details for CVE-2026-35533
Vulnerability Analysis
This vulnerability represents an Improper Access Control flaw (CWE-284) where the trust verification mechanism in mise is fundamentally flawed in its execution order. The core issue lies in the timing of when trust-control settings are evaluated versus when they are enforced.
When a user enters a directory containing a .mise.toml file, mise parses and loads configuration settings from this file, including trust-related settings, before verifying whether the file should be trusted. This is an ordering flaw (trust settings are consumed before trust has been established), so an attacker-controlled configuration can influence its own trust evaluation.
The vulnerability requires local access and user interaction (the user must navigate to a directory containing the malicious file), but once triggered it leads to arbitrary code execution with the user's privileges and a complete compromise of the user's environment.
Root Cause
The root cause stems from an architectural flaw in mise's configuration loading sequence. Trust-control settings are processed during the initial configuration parse phase, which occurs before the trust verification check can reject untrusted configurations. This means a malicious .mise.toml file can manipulate the trust settings to mark itself as trusted, effectively bypassing the security mechanism entirely.
Attack Vector
An attacker exploits this vulnerability by placing a crafted .mise.toml file in a repository or shared directory. When a developer clones the repository or accesses the directory with mise installed, the following attack sequence occurs:
- The attacker creates a .mise.toml file containing both trust-bypass settings and malicious directives
- The file is committed to a repository or placed in a shared location
- When a victim user enters the directory, mise loads the configuration
- Trust-control settings from the malicious file are processed before verification
- The malicious file marks itself as trusted
- Dangerous directives such as [env] _.source, templates, hooks, or tasks are executed
- Arbitrary code runs with the victim's privileges
This attack can be delivered through supply chain compromises, pull requests to open-source projects, or any scenario where an attacker can inject files into a developer's workspace.
Detection Methods for CVE-2026-35533
Indicators of Compromise
- Unexpected or unfamiliar .mise.toml files appearing in project directories
- Unusual trust-related configuration entries in .mise.toml files
- Suspicious [env] _.source directives referencing external or unexpected scripts
- Unexpected hook or task definitions in mise configuration files
- Evidence of code execution during directory navigation or mise initialization
Detection Strategies
- Monitor file system events for creation or modification of .mise.toml files in project directories
- Implement repository scanning to detect .mise.toml files with trust-bypass patterns in pull requests
- Review git history for recently added or modified mise configuration files
- Deploy endpoint detection to identify suspicious process spawning patterns during mise execution
Monitoring Recommendations
- Enable logging for mise operations and review logs for unexpected configuration loading events
- Implement CI/CD pipeline checks to scan for potentially malicious mise configuration files
- Configure alerts for mise processes spawning unexpected child processes
- Audit existing repositories for .mise.toml files containing dangerous directive combinations
How to Mitigate CVE-2026-35533
Immediate Actions Required
- Upgrade mise to version 2026.4.6 or later immediately
- Audit all existing repositories and projects for suspicious .mise.toml files
- Review trust settings and ensure no unauthorized configurations have been applied
- Consider disabling mise temporarily in high-security environments until patched
Patch Information
The vulnerability has been addressed in mise versions after 2026.4.5. Users should upgrade to the latest available version as soon as possible. For detailed patch information and security guidance, refer to the GitHub Security Advisory.
Workarounds
- Avoid navigating to directories containing untrusted .mise.toml files until patched
- Manually inspect all .mise.toml files before entering directories, particularly in cloned repositories
- Use the --no-config flag when possible to prevent automatic configuration loading
- Implement repository policies requiring review of mise configuration file changes before merge
- Consider using container-based development environments to isolate potential compromise
# Upgrade mise to the latest patched version
mise self-update
# Alternatively, reinstall mise to ensure latest version
curl https://mise.run | sh
# Verify installed version is not vulnerable (should be > 2026.4.5)
mise --version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.