← ExploitWatch
HomeExploited Vulnerabilities

CVE-2014-6278 — Actively Exploited: GNU Bash (GNU)

GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment.

CVE IDCVE-2014-6278
VendorGNU
ProductGNU Bash
Vulnerability nameGNU Bash OS Command Injection Vulnerability
Date added2025-10-02
Remediation due2025-10-23
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionGNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →