What is CVE-2026-35197?

CVE-2026-35197 is a medium-severity vulnerability in Mattieb Dye, classified under Code Injection. CVSS score: 6.6/10. Published 2026-04-06.

How severe is CVE-2026-35197?

Medium severity. CVSS v3 base score is 6.6 out of 10.

RCE in Mattieb Dye

CVE-2026-35197

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exp…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.000 (10.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.6 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N.

Affected products

Mattieb Dye — versions < 1.1.1

Weakness classification (CWE)

CWE-94 — Code Injection

References

https://github.com/mattieb/dye/security/advisories/GHSA-3v4r-5vfh-3wjr (x_refsource_CONFIRM)
https://mattiebee.io/dye-template-advisory (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-35197?: CVE-2026-35197 is a medium-severity vulnerability in Mattieb Dye, classified under Code Injection. CVSS score: 6.6/10. Published 2026-04-06.
How severe is CVE-2026-35197?: Medium severity. CVSS v3 base score is 6.6 out of 10.