Known Vulnerabilities for Bash by Gnu

Listed below are 10 of the newest known vulnerabilities associated with "Bash" by "Gnu".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed, based on information from known CPEs.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34430 | ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allow... | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-0596 | A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` i... | Not Provided | 2026-03-31 | 2026-04-01 |
| CVE-2019-18276 | An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its... | 7.8 - HIGH | 2019-11-28 | 2023-11-07 |
| CVE-2019-9924 | rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any... | 7.8 - HIGH | 2019-03-22 | 2022-04-05 |
| CVE-2017-5932 | The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (d... | 7.8 - HIGH | 2017-03-27 | 2017-03-31 |
| CVE-2016-9401 | popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. | 5.5 - MEDIUM | 2017-01-23 | 2020-09-14 |
| CVE-2016-7543 | Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environme... | 8.4 - HIGH | 2017-01-19 | 2023-11-07 |
| CVE-2016-0634 | The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell ... | 7.5 - HIGH | 2017-08-28 | 2018-01-05 |
| CVE-2014-7169 | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of envi... | 10 - HIGH | 2014-09-25 | 2021-11-17 |
| CVE-2014-6278 | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which al... | 10 - HIGH | 2014-09-30 | 2021-11-17 |

Known Affected Configurations (CPE V2.3)

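| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gnu | Bash | 5.0 | rc1 | All | All |
| Application | Gnu | Bash | 5.0 | beta2 | All | All |
| Application | Gnu | Bash | 5.0 | beta1 | All | All |
| Application | Gnu | Bash | 5.0 | - | All | All |
| Application | Gnu | Bash | 4.4.18 | All | All | All |
| Application | Gnu | Bash | 4.4.12 | All | All | All |
| Application | Gnu | Bash | 4.4 | patch17 | All | All |
| Application | Gnu | Bash | 4.4 | All | All | All |
| Application | Gnu | Bash | 4.4 | patch16 | All | All |
| Application | Gnu | Bash | 4.4 | patch15 | All | All |
| Application | Gnu | Bash | 4.4 | patch14 | All | All |
| Application | Gnu | Bash | 4.4 | patch13 | All | All |
| Application | Gnu | Bash | 4.4 | patch12 | All | All |
| Application | Gnu | Bash | 4.4 | patch11 | All | All |
| Application | Gnu | Bash | 4.4 | patch10 | All | All |
| Application | Gnu | Bash | 4.4 | patch1 | All | All |
| Application | Gnu | Bash | 4.4 | beta2 | All | All |
| Application | Gnu | Bash | 4.4 | beta1 | All | All |
| Application | Gnu | Bash | 4.4 | - | All | All |
| Application | Gnu | Bash | 4.4 | patch18 | All | All |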

© CVE.report 2026