Arbitrary Code Execution Vulnerability in Dye Color Library by Mattiebee
CVE-2026-35197

6.6MEDIUM

Key Information:

Vendor: Mattieb
Status: Dye
Vendor: CVE Published:; 6 April 2026

What is CVE-2026-35197?

The Dye Color Library, a tool for shell scripts, had a vulnerability in versions prior to 1.1.1 where specific template expressions could lead to arbitrary code execution. This issue, identified and resolved by the library's author, poses a risk but is currently not known to be exploited in the wild. Users are encouraged to upgrade to version 1.1.1 or later to mitigate this risk.

Affected Version(s)

dye < 1.1.1

References

https://github.com/mattieb/dye/security/advisories/GHSA-3...

x_refsource_CONFIRM

https://mattiebee.io/dye-template-advisory

x_refsource_MISC

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2026
Vulnerability Reserved
Apr 1, 2026

CVE-2026-35197 Data

JSON