PT-2026-31023 · Mise · Mise
Kq5Y · Published 2026-04-07 · Updated 2026-04-07 · CVE-2026-35533
CVSS v3.1: 7.7 (High) · AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
mise versions 2026.2.18 through 2026.4.5

Description
mise loads trust-control settings from a project-local .mise.toml file before it performs trust checks on that file. An attacker who can place a malicious .mise.toml in a repository can therefore make the file appear trusted and get dangerous directives executed, such as [env] _.source, templates, hooks, or tasks. The root cause is that local settings files are loaded without first verifying that they are trusted. In particular, when the trusted_config_paths setting contains '/', every absolute path is treated as trusted (all of them lie under '/'), which bypasses the intended trust check. A related issue allows local yes = true or ci = true settings to auto-approve trust prompts in versions 2026.2.18 and later, though the primary exploit vector is the trusted_config_paths setting. A proof-of-concept shows that setting trusted_config_paths = ["/"] in a .mise.toml file allows an attacker-controlled script to be executed via mise hook-env.

Recommendations
Do not honor trust-control settings from non-global project config files. Specifically, ignore the trusted_config_paths, yes, ci, and paranoid fields when loading local project configuration files.

Fix

Weakness Enumeration
Improper Access Control

Related Identifiers

CVE-2026-35533
GHSA-436V-8FW5-4MJ8

Affected Products

Mise