CVE-2026-35197

MEDIUM 6.6

Code injection in dye template expressions

CVSS Score

6.6

EPSS Score

0.0%

EPSS Percentile

5th

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1.

CWE	CWE-94
Vendor	mattieb
Product	dye
Published	Apr 6, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for mattieb dye

Be the first to know when new medium vulnerabilities affecting mattieb dye are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

mattieb / dye

< 1.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/mattieb/dye/security/advisories/GHSA-3v4r-5vfh-3wjr mattiebee.io: https://mattiebee.io/dye-template-advisory