Detect CVE-2026-33646: Mise Arbitrary Code Execution via Tera Template Injection in .tool-versions in Microsoft Sentinel
Detects exploitation of CVE-2026-33646, a critical trust bypass vulnerability in mise (formerly rtx) versions prior to 2026.3.10. Attackers can embed Tera template directives inside .tool-versions files to achieve arbitrary code execution when mise processes the file, bypassing trust checks. CVSS 9.6. PoC public.
MITRE ATT&CK
- Tactic
- Execution Persistence Defense Evasion
KQL Detection Query
let SuspiciousToolVersionsWrite = DeviceFileEvents
| where FileName =~ ".tool-versions" or FileName endswith ".tool-versions"
| where ActionType in ("FileCreated", "FileModified")
| extend FileContent = FileContent_Base64
| where isnotempty(FileContent)
| where base64_decode_tostring(FileContent) matches regex @"\{\%|\{\{|\{#"
| project TimeGenerated, DeviceId, DeviceName, InitiatingProcessAccountName, InitiatingProcessFileName, InitiatingProcessCommandLine, FolderPath, FileName, SHA256;
let MiseExecution = DeviceProcessEvents
| where FileName in~ ("mise", "mise.exe") or ProcessCommandLine has_any ("mise install", "mise trust", "mise run", "mise exec", "mise shell")
| project TimeGenerated, DeviceId, DeviceName, AccountName, FileName, ProcessCommandLine, InitiatingProcessFileName, ProcessId, SHA256;
SuspiciousToolVersionsWrite
| join kind=inner (MiseExecution) on DeviceId
| where MiseExecution_TimeGenerated between (TimeGenerated .. TimeGenerated + 5m)
| project TimeGenerated, DeviceName, AccountName, SuspiciousFile = FileName, ProcessCommandLine, FolderPath
| extend AlertDetails = strcat("Possible Tera template injection in .tool-versions executed via mise on ", DeviceName)Correlates suspicious .tool-versions file writes containing Tera template syntax ({% %}, {{ }}, {# #}) with subsequent mise process execution on the same device within 5 minutes.
Data Sources
Required Tables
False Positives & Tuning
- Legitimate mise configuration files that happen to contain Tera-like syntax in tool version strings
- Security researchers testing mise configurations in sandboxed lab environments
- Automated CI/CD pipelines that write .tool-versions files and immediately invoke mise
Other platforms for CVE-2026-33646
Testing Methodology
Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.
- Test 1Inject Tera system() call into .tool-versions and invoke mise install
Expected signal: File write event for .tool-versions, followed by mise process launch, followed by child process executing 'id' or shell writing to /tmp/mise-pwned.txt
- Test 2Malicious .tool-versions via Git Clone Simulation
Expected signal: Directory creation, .tool-versions file write by shell (not interactive mise), then mise process launch with install argument
- Test 3mise trust bypass via template in project-local .tool-versions
Expected signal: osascript child process spawned from mise with suspicious arguments, .tool-versions read by mise process
- Test 4Enumerate environment variables via Tera template injection
Expected signal: File write of .tool-versions, mise process launch, child write to /tmp/mise-env-leak.txt containing environment variable value
Unlock Pro Content
Get the full detection package for CVE-2026-33646 including response playbook, investigation guide, and atomic red team tests.