Medium severity6.6NVD Advisory· Published Apr 6, 2026· Updated Apr 16, 2026

CVE-2026-35197

Description

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1.

Affected products

Mattiebee/Dye
cpe:2.3:a:mattiebee:dye:1.1.0:*:*:*:*:*:*:*
dye/dyellm-create
Range: <1.1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

mattiebee.io/dye-template-advisorynvdExploitVendor Advisory
github.com/mattieb/dye/security/advisories/GHSA-3v4r-5vfh-3wjrnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.429
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000