Local File Manipulation Vulnerability in Mise Dev Tools
CVE-2026-35533

7.8HIGH

Key Information:

Vendor: Jdx
Status: Mise
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-35533?

Mise Dev Tools has a vulnerability that allows attackers to exploit a local project configuration file, .mise.toml, which is loaded before trust checks are applied. An attacker can insert malicious directives into this file which may lead to untrusted commands being executed, enabling them to potentially manipulate the development environment, trigger undesired behaviors, or execute harmful actions within the tools that rely on this compromised setup.

Affected Version(s)

mise >= 2026.2.18, <= 2026.4.5

References

https://github.com/jdx/mise/security/advisories/GHSA-436v...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 3, 2026

CVE-2026-35533 Data

JSON

Jdx

What is CVE-2026-35533?

Affected Version(s)

References

CVSS V3.1

Timeline