CVE-2026-35197

Published: Apr 6, 2026

Modified: Apr 7, 2026

PUBLISHED

CVSS v3.1

6.6

MEDIUM

Description

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1.

Vendor	Product	Versions
mattieb	dye	affected `< 1.1.1`

Weaknesses (CWE)

CWE-94

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

References

https://github.com/mattieb/dye/security/advisories/GHSA-3v4r-5vfh-3wjr

x_refsource_CONFIRM

https://mattiebee.io/dye-template-advisory

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-35197

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References