Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-2011

NIXPKGS-2026-2011
published 6 hours ago
mise: security issues < 2026.6.4
Permalink CVE-2026-55448
6.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 6 hours ago by @LeSuisse Activity log
  • Created suggestion 12 hours ago
  • @LeSuisse ignored
    10 packages
    • ocamlPackages.promise_jsoo
    • python312Packages.heatmiserv3
    • python313Packages.heatmiserv3
    • python314Packages.heatmiserv3
    • haskellPackages.unsafe-promises
    • ocamlPackages_latest.promise_jsoo
    • python313Packages.promise
    • haskellPackages.promises
    • python312Packages.promise
    • python314Packages.promise
    6 hours ago
  • @LeSuisse accepted 6 hours ago
  • @LeSuisse published on GitHub 6 hours ago
mise: Local credential_command executes untrusted config

mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a repository can execute arbitrary shell commands when the victim runs a GitHub-related mise command and no higher-priority GitHub token environment variable is set. This vulnerability is fixed in 2026.6.4.

Affected products

mise
  • ==< 2026.6.4

Matching in nixpkgs

Ignored packages (10)

Package maintainers

Permalink CVE-2026-54557
5.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 6 hours ago by @LeSuisse Activity log
  • Created suggestion 12 hours ago
  • @LeSuisse ignored
    10 packages
    • haskellPackages.promises
    • python312Packages.promise
    • python313Packages.promise
    • python314Packages.promise
    • ocamlPackages.promise_jsoo
    • python312Packages.heatmiserv3
    • python313Packages.heatmiserv3
    • python314Packages.heatmiserv3
    • haskellPackages.unsafe-promises
    • ocamlPackages_latest.promise_jsoo
    6 hours ago
  • @LeSuisse accepted 6 hours ago
  • @LeSuisse published on GitHub 6 hours ago
mise HTTP backend uses raw version path for install symlink destination

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink path uses the raw value. On Unix-like systems, if that version is an absolute path, PathBuf::join discards the intended mise installs root. A repository-controlled .tool-versions file can therefore make mise install create a symlink outside the mise install tree. With bin_path, the same issue can place an executable symlink under an attacker-selected absolute prefix, such as a developer-tool prefix that is later added to PATH. This vulnerability is fixed in 2026.6.1.

Affected products

mise
  • ==< 2026.6.1

Matching in nixpkgs

Ignored packages (10)

Package maintainers

Permalink CVE-2026-55441
8.6 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 6 hours ago by @LeSuisse Activity log
  • Created suggestion 12 hours ago
  • @LeSuisse ignored
    10 packages
    • haskellPackages.promises
    • python314Packages.promise
    • ocamlPackages.promise_jsoo
    • python312Packages.heatmiserv3
    • python313Packages.heatmiserv3
    • python314Packages.heatmiserv3
    • haskellPackages.unsafe-promises
    • ocamlPackages_latest.promise_jsoo
    • python313Packages.promise
    • python312Packages.promise
    6 hours ago
  • @LeSuisse accepted 6 hours ago
  • @LeSuisse published on GitHub 6 hours ago
mise: Arbitrary command execution via task-include files in an untrusted, config-less repository

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir (mise-tasks/, .mise/tasks/, …) but no config file, mise falls back to the default includes and renders each task's tera fields — and that tera environment has exec() registered. A {{ exec(command='…') }} in any rendered field runs arbitrary commands the moment the tasks are merely listed. There's no config file to gate on, so no trust prompt ever appears. Read-only commands trigger it: mise tasks, mise task ls, mise run, mise tasks --usage (the query shell completion runs on Tab). The victim only has to cd into a cloned repo and list or tab-complete a task. This vulnerability is fixed in 2026.6.4.

Affected products

mise
  • ==< 2026.6.4

Matching in nixpkgs

Ignored packages (10)

Package maintainers