GNU CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited GNU CVE published 2026-01-26

CVE-2026-24061

CVE-2026-24061 is an argument injection vulnerability in GNU InetUtils that CISA added to its Known Exploited Vulnerabilities catalog on 2026-01-26. Because it is listed in KEV, organizations that use or bundle InetUtils should treat remediation as time-sensitive and follow the official vendor guidance and CISA instructions.

Known exploited GNU CVE published 2025-10-02

CVE-2014-6278

CISA lists CVE-2014-6278 as a GNU Bash OS command injection vulnerability and includes it in the Known Exploited Vulnerabilities catalog. That means defenders should treat it as actively abused in the wild and prioritize remediation for any system that uses GNU Bash directly or embeds it through downstream products.