{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35533", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-03T02:15:39.281Z", "datePublished": "2026-04-07T21:01:16.670Z", "dateUpdated": "2026-04-08T14:31:40.953Z"}, "containers": {"cna": {"title": "mise has a local settings bypass config trust checks", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/jdx/mise/security/advisories/GHSA-436v-8fw5-4mj8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jdx/mise/security/advisories/GHSA-436v-8fw5-4mj8"}], "affected": [{"vendor": "jdx", "product": "mise", "versions": [{"version": ">= 2026.2.18, <= 2026.4.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T21:01:16.670Z"}, "descriptions": [{"lang": "en", "value": "mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted and then reach dangerous directives such as [env] _.source, templates, hooks, or tasks."}], "source": {"advisory": "GHSA-436v-8fw5-4mj8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T14:31:30.713607Z", "id": "CVE-2026-35533", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T14:31:40.953Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35533", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T14:31:30.713607Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T14:31:35.675Z"}}], "cna": {"title": "mise has a local settings bypass config trust checks", "source": {"advisory": "GHSA-436v-8fw5-4mj8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "jdx", "product": "mise", "versions": [{"status": "affected", "version": ">= 2026.2.18, <= 2026.4.5"}]}], "references": [{"url": "https://github.com/jdx/mise/security/advisories/GHSA-436v-8fw5-4mj8", "name": "https://github.com/jdx/mise/security/advisories/GHSA-436v-8fw5-4mj8", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted and then reach dangerous directives such as [env] _.source, templates, hooks, or tasks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T21:01:16.670Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35533", "state": "PUBLISHED", "dateUpdated": "2026-04-08T14:31:40.953Z", "dateReserved": "2026-04-03T02:15:39.281Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-07T21:01:16.670Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted and then reach dangerous directives such as [env] _.source, templates, hooks, or tasks."}], "id": "CVE-2026-35533", "lastModified": "2026-04-08T21:27:00.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-07T21:17:17.870", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/jdx/mise/security/advisories/GHSA-436v-8fw5-4mj8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2026.2.18,2026.4.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "mise", "source": "cna", "vendor": "jdx"}, "product": "mise", "vendor": "jdx"}], "analysis": {"en": {"generated_at": "2026-04-07T23:15:19.261449+00:00", "value": {"mitigation_remediation": ["Update mise to version 2026.4.6 or later from the official project release channel.", "Verify that configuration files are only sourced from trusted repositories or directories.", "Configure or review the trust-control settings to enforce stricter validation before executing directives such as [env].source, templates, hooks, or tasks.", "If an immediate update is not possible, restrict file write permissions on the .mise.toml location to prevent unauthorized creation."], "summary": {"action": "Apply patch", "impact": "Execution of arbitrary code via trusted configuration"}, "threat_synthesis": {"affected_systems": "Vendors affected are initiatives that use the mise tool, specifically the product mised from the jdx organization. Versions from 2026.2.18 through 2026.4.5 are impacted. Later releases such as 2026.4.6 and above are not known to be affected.", "description_and_impact": "The vulnerability allows an attacker who can place a malicious .mise.toml file in a repository to bypass trust checks that normalmente prohibit untrusted configuration. The file is read and loaded before the integrity verification steps, enabling execution of dangerous directives such as environment sources, templates, hooks, or tasks. As these directives can run arbitrary commands, an attacker can gain code execution within the local environment, potentially escalating privileges or compromising the host.", "risk_and_exploitability": "The CVSS score is 7.8, indicating a high severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local \u2013 an attacker must have the ability to place a file in a project repository, but once there the path to execute commands is straightforward. The weakness is captured by CWE-284, describing improper privilege management. Consequently, the risk profile is high for environments that automatically trust local configuration files."}}}}, "created": "2026-04-08T19:34:13.313510+00:00", "updated": "2026-04-08T19:45:41.011975+00:00", "vendors": ["jdx", "jdx$PRODUCT$mise"]}