What is CVE-2026-55448?

CVE-2026-55448 is a medium-severity vulnerability in Jdx Mise, classified under OS Command Injection. CVSS score: 6.3/10. Published 2026-06-26.

How severe is CVE-2026-55448?

Medium severity. CVSS v3 base score is 6.3 out of 10.

RCE in Jdx Mise

CVE-2026-55448

mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes that value with sh -c when resolving a G…

Vulnerability class: Command Injection (OS Command Injection)

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N.

Affected products

Jdx Mise — versions < 2026.6.4

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-55448?: CVE-2026-55448 is a medium-severity vulnerability in Jdx Mise, classified under OS Command Injection. CVSS score: 6.3/10. Published 2026-06-26.
How severe is CVE-2026-55448?: Medium severity. CVSS v3 base score is 6.3 out of 10.