CVE-2014-6278
Confirmed PUBLISHEDGNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers...
1 day faster than CISA KEV
Recommended Action
Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
At a Glance
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
- CVE Published
- Sep 30, 2014
- Exploitation Reported
- Jun 01, 2026
- CVSS
- 8.8 High
- EPSS
- 99.6%
Affected Versions
| Vendor | Product | Version | Status |
|---|---|---|---|
| n/a |
n/a
|
n/a |
Affected |
CVE References
- HPSBMU03165 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141577137423233&w=2
- SSRT101819 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142721162228379&w=2
- HPSBMU03245 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142358026505815&w=2
- HPSBMU03143 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383026420882&w=2
- HPSBMU03182 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141585637922673&w=2
Show 105 more references
- HPSBST03155 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141576728022234&w=2
- openSUSE-SU-2014:1310 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
- HPSBMU03246 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142358078406056&w=2
- USN-2380-1 ubuntu.com · Vendor Advisory http://www.ubuntu.com/usn/USN-2380-1
- HPSBMU03217 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141879528318582&w=2
- SSRT101868 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142118135300698&w=2
- HPSBST03129 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383196021590&w=2
- HPSBMU03144 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383081521087&w=2
- SUSE-SU-2014:1287 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004...
- MDVSA-2015:164 mandriva.com · Vendor Advisory http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
- 20140926 GNU Bash Environment Variable Command Injection Vulnerability tools.cisco.com · Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/...
- HPSBST03157 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141450491804793&w=2
- HPSBST03154 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141577297623641&w=2
- HPSBGN03142 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383244821813&w=2
- HPSBST03181 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141577241923505&w=2
- HPSBHF03145 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383465822787&w=2
- HPSBGN03138 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141330468527613&w=2
- HPSBHF03125 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141345648114150&w=2
- HPSBHF03146 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383353622268&w=2
- HPSBGN03141 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383304022067&w=2
- JVN#55667175 jvn.jp · Third-Party Advisory http://jvn.jp/en/jp/JVN55667175/index.html
- 60433 secunia.com · Third-Party Advisory http://secunia.com/advisories/60433
- 61816 secunia.com · Third-Party Advisory http://secunia.com/advisories/61816
- 61442 secunia.com · Third-Party Advisory http://secunia.com/advisories/61442
- 61283 secunia.com · Third-Party Advisory http://secunia.com/advisories/61283
- 61654 secunia.com · Third-Party Advisory http://secunia.com/advisories/61654
- 62312 secunia.com · Third-Party Advisory http://secunia.com/advisories/62312
- 61703 secunia.com · Third-Party Advisory http://secunia.com/advisories/61703
- 61065 secunia.com · Third-Party Advisory http://secunia.com/advisories/61065
- JVNDB-2014-000126 jvndb.jvn.jp · Third-Party Advisory http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
- 61641 secunia.com · Third-Party Advisory http://secunia.com/advisories/61641
- 60325 secunia.com · Third-Party Advisory http://secunia.com/advisories/60325
- 60024 secunia.com · Third-Party Advisory http://secunia.com/advisories/60024
- 62343 secunia.com · Third-Party Advisory http://secunia.com/advisories/62343
- 61565 secunia.com · Third-Party Advisory http://secunia.com/advisories/61565
- 61313 secunia.com · Third-Party Advisory http://secunia.com/advisories/61313
- 61485 secunia.com · Third-Party Advisory http://secunia.com/advisories/61485
- 61312 secunia.com · Third-Party Advisory http://secunia.com/advisories/61312
- 60193 secunia.com · Third-Party Advisory http://secunia.com/advisories/60193
- 60063 secunia.com · Third-Party Advisory http://secunia.com/advisories/60063
- 60034 secunia.com · Third-Party Advisory http://secunia.com/advisories/60034
- 59907 secunia.com · Third-Party Advisory http://secunia.com/advisories/59907
- 58200 secunia.com · Third-Party Advisory http://secunia.com/advisories/58200
- 61643 secunia.com · Third-Party Advisory http://secunia.com/advisories/61643
- 61503 secunia.com · Third-Party Advisory http://secunia.com/advisories/61503
- 61552 secunia.com · Third-Party Advisory http://secunia.com/advisories/61552
- 61780 secunia.com · Third-Party Advisory http://secunia.com/advisories/61780
- 60044 secunia.com · Third-Party Advisory http://secunia.com/advisories/60044
- 61291 secunia.com · Third-Party Advisory http://secunia.com/advisories/61291
- 61287 secunia.com · Third-Party Advisory http://secunia.com/advisories/61287
- 61128 secunia.com · Third-Party Advisory http://secunia.com/advisories/61128
- 61471 secunia.com · Third-Party Advisory http://secunia.com/advisories/61471
- 60055 secunia.com · Third-Party Advisory http://secunia.com/advisories/60055
- 59961 secunia.com · Third-Party Advisory http://secunia.com/advisories/59961
- 61550 secunia.com · Third-Party Advisory http://secunia.com/advisories/61550
- 61633 secunia.com · Third-Party Advisory http://secunia.com/advisories/61633
- 61328 secunia.com · Third-Party Advisory http://secunia.com/advisories/61328
- 61129 secunia.com · Third-Party Advisory http://secunia.com/advisories/61129
- 61603 secunia.com · Third-Party Advisory http://secunia.com/advisories/61603
- 61857 secunia.com · Third-Party Advisory http://secunia.com/advisories/61857
- 39887 exploit-db.com · Exploit https://www.exploit-db.com/exploits/39887/
- 39568 exploit-db.com · Exploit https://www.exploit-db.com/exploits/39568/
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21685749
- supportcenter.checkpoint.com/supportcenter/portal supportcenter.checkpoint.com · CVE Record https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit...
- linux.oracle.com/errata/ELSA-2014-3093 linux.oracle.com · CVE Record http://linux.oracle.com/errata/ELSA-2014-3093
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21686479
- packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracl... packetstormsecurity.com · CVE Record http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop...
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21685541
- oracle.com/technetwork/topics/security/bashcve-2014-716... oracle.com · CVE Record http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2...
- kc.mcafee.com/corporate/index kc.mcafee.com · CVE Record https://kc.mcafee.com/corporate/index?page=content&id=SB10085
- www-947.ibm.com/support/entry/portal/docdisplay www-947.ibm.com · CVE Record http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5...
- support.f5.com/kb/en-us/solutions/public/15000/600/sol15629... support.f5.com · CVE Record https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
- security-tracker.debian.org/tracker/CVE-2014-6278 security-tracker.debian.org · CVE Record https://security-tracker.debian.org/tracker/CVE-2014-6278
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21685604
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21686445
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21686131
- kb.juniper.net/InfoCenter/index kb.juniper.net · CVE Record https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21685914
- support.hpe.com/hpsc/doc/public/display support.hpe.com · CVE Record https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId...
- packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shells... packetstormsecurity.com · CVE Record http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-...
- lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html lcamtuf.blogspot.com · CVE Record http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html
- bugzilla.redhat.com/show_bug.cgi bugzilla.redhat.com · CVE Record https://bugzilla.redhat.com/show_bug.cgi?id=1147414
- suse.com/support/shellshock suse.com · CVE Record https://www.suse.com/support/shellshock/
- support.hpe.com/hpsc/doc/public/display support.hpe.com · CVE Record https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId...
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
- linux.oracle.com/errata/ELSA-2014-3094 linux.oracle.com · CVE Record http://linux.oracle.com/errata/ELSA-2014-3094
- vmware.com/security/advisories/VMSA-2014-0010.html vmware.com · CVE Record http://www.vmware.com/security/advisories/VMSA-2014-0010.html
- novell.com/support/kb/doc.php novell.com · CVE Record http://www.novell.com/support/kb/doc.php?id=7015721
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21687079
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21686246
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
- support.novell.com/security/cve/CVE-2014-6278.html support.novell.com · CVE Record http://support.novell.com/security/cve/CVE-2014-6278.html
- qnap.com/i/en/support/con_show.php qnap.com · CVE Record http://www.qnap.com/i/en/support/con_show.php?cid=61
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
- support.citrix.com/article/CTX200223 support.citrix.com · CVE Record https://support.citrix.com/article/CTX200223
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
- support.citrix.com/article/CTX200217 support.citrix.com · CVE Record https://support.citrix.com/article/CTX200217
- lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.... lcamtuf.blogspot.com · CVE Record http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-n...
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21686494
- kb.bluecoat.com/index kb.bluecoat.com · CVE Record https://kb.bluecoat.com/index?page=content&id=SA82
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21685733
- www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
- arista.com/en/support/advisories-notices/security-advis... arista.com · CVE Record https://www.arista.com/en/support/advisories-notices/security-advisor...
Recommended Actions
- Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
- Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
- Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.
Known Exploited Vulnerability Sources
Catalogues that list this CVE as a known exploited vulnerability.
Per-source evidence links for KEV attestations are available through the KEVIntel Pro API.
Learn about Pro API access| Source | Added |
|---|---|
| CVE First | 2026-06-01 10:41 UTC |
| CISA | 2026-06-02 14:05 UTC |
Scanner Artifacts
Nuclei and Metasploit references linked to this CVE.
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cups_bash_env_exec.rb | Apr 29, 2025 |
Virtual Patch
Compensating WAF rules to help reduce exposure to this CVE. Rule content and deployable vendor exports are available with KEVIntel Enterprise.
KEVIntel does not currently have a virtual patch for this CVE. When available, KEVIntel virtual patches ship as deployable ModSecurity, Cloudflare, and AWS WAF rules.
Enterprise feature. Virtual patch rule content and deployable vendor exports (ModSecurity, Cloudflare, AWS WAF) are available to KEVIntel Enterprise users.
CVSS Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitation Status
Exploited in the wild
Recorded 2026-06-01 10:41:37 UTC · CVE
Proof of concept available
Recorded 2025-04-28 15:02:17 UTC
Weaknesses (CWE)
-
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Scanner Integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cups_bash_env_exec.rb | Apr 29, 2025 |
Potential Proof of Concepts
These PoCs are unverified and could contain malware. Use at your own risk.
Timeline
Key exploitation, disclosure, scanner coverage, and KEV attestation events for this CVE.
-
14:05 UTC about 2 months ago14:05 UTC · about 2 months ago
Added to CISA KEV
Listed in the CISA Known Exploited Vulnerabilities catalog
-
10:41 UTC about 2 months ago10:41 UTC · about 2 months ago
Added to KEVIntel KEV Feed
High-confidence, third-party attested exploitation
-
10:58 UTC about 1 year ago10:58 UTC · about 1 year ago
Metasploit module available
Exploit module available
-
15:02 UTC about 1 year ago15:02 UTC · about 1 year ago
Public PoC available
Public proof-of-concept code published
-
10:00 UTC almost 12 years ago10:00 UTC · almost 12 years ago
CVE published
Vulnerability disclosed publicly
-
00:00 UTC almost 12 years ago00:00 UTC · almost 12 years ago
CVE ID reserved
Identifier reserved by the CNA
Automate This Intelligence with the Pro API
Confidence scoring, exploit status, sensor telemetry, PoCs, scanner integrations, mentions, and tags are available programmatically for VM, SOC, and CTI workflows.
Pro API Example
GET /api/v2/pro/kevs/CVE-2014-6278
{
"cve_id": "CVE-2014-6278",
"title": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions ...",
"affected_vendor": "GNU",
"affected_product": "Bash",
"affected_versions": [
{ "vendor": "...", "product": "...", "status": "affected", "display_label": "..." }
],
"confidence": "Confirmed",
"cvss_score": 8.8,
"epss_score": 0.99621,
"exploit_status": {
"exploited_in_the_wild": true,
"active_exploitation_observed": false
},
"sensor_telemetry": { "...": "Pro API fields" },
"proof_of_concepts": [ "..." ],
"scanner_integrations": [ "..." ]
}