CVE-2026-55441: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in jdx mise
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir (mise-tasks/, .mise/tasks/, …) but no config file, mise falls back to the default includes and renders each task's tera fields — and that tera environment has exec() registered. A {{ exec(command='…') }} in any rendered field runs arbitrary commands the moment the tasks are merely listed. There's no config file to gate on, so no trust prompt ever appears. Read-only commands trigger it: mise tasks, mise task ls, mise run, mise tasks --usage (the query shell completion runs on Tab). The victim only has to cd into a cloned repo and list or tab-complete a task. This vulnerability is fixed in 2026.6.4.
AI Analysis
Technical Summary
The jdx mise tool manages development tools and uses a trust feature to gate config files through trust_check. However, task-include files are loaded on a path that bypasses this check. When a directory contains a task-include directory but lacks a config file, mise falls back to default includes and renders task tera fields. The tera environment registers an exec() function, enabling an attacker to inject OS commands via a {{ exec(command='...') }} expression in any rendered field. This command executes immediately when tasks are listed or tab-completed, without any user prompt. This vulnerability allows arbitrary command execution with the privileges of the user running mise. It is fixed in mise version 2026.6.4.
Potential Impact
An attacker who can place a malicious task-include file in a directory can execute arbitrary OS commands on the victim's system when the victim lists or tab-completes tasks using mise. This can lead to full compromise of the user's environment, including confidentiality, integrity, and availability impacts. The vulnerability requires the victim to interact with the tool in a directory containing the malicious files but does not require elevated privileges or prior trust prompts.
Mitigation Recommendations
This vulnerability is fixed in mise version 2026.6.4. Users should upgrade to version 2026.6.4 or later to remediate this issue. No official patch or temporary fix is indicated other than upgrading. Until upgraded, avoid running mise commands in untrusted directories containing task-include files.
CVE-2026-55441: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in jdx mise
Description
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir (mise-tasks/, .mise/tasks/, …) but no config file, mise falls back to the default includes and renders each task's tera fields — and that tera environment has exec() registered. A {{ exec(command='…') }} in any rendered field runs arbitrary commands the moment the tasks are merely listed. There's no config file to gate on, so no trust prompt ever appears. Read-only commands trigger it: mise tasks, mise task ls, mise run, mise tasks --usage (the query shell completion runs on Tab). The victim only has to cd into a cloned repo and list or tab-complete a task. This vulnerability is fixed in 2026.6.4.
CVSS v3.1
Score 8.6high
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The jdx mise tool manages development tools and uses a trust feature to gate config files through trust_check. However, task-include files are loaded on a path that bypasses this check. When a directory contains a task-include directory but lacks a config file, mise falls back to default includes and renders task tera fields. The tera environment registers an exec() function, enabling an attacker to inject OS commands via a {{ exec(command='...') }} expression in any rendered field. This command executes immediately when tasks are listed or tab-completed, without any user prompt. This vulnerability allows arbitrary command execution with the privileges of the user running mise. It is fixed in mise version 2026.6.4.
Potential Impact
An attacker who can place a malicious task-include file in a directory can execute arbitrary OS commands on the victim's system when the victim lists or tab-completes tasks using mise. This can lead to full compromise of the user's environment, including confidentiality, integrity, and availability impacts. The vulnerability requires the victim to interact with the tool in a directory containing the malicious files but does not require elevated privileges or prior trust prompts.
Mitigation Recommendations
This vulnerability is fixed in mise version 2026.6.4. Users should upgrade to version 2026.6.4 or later to remediate this issue. No official patch or temporary fix is indicated other than upgrading. Until upgraded, avoid running mise commands in untrusted directories containing task-include files.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-06-16T21:59:57.017Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3eb5316e08203f7dd21fcd
Added to database: 06/26/2026, 17:21:53 UTC
Last enriched: 06/26/2026, 17:36:43 UTC
Last updated: 06/26/2026, 17:52:51 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.