diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
index a8f81bc6f6..ff0d0bb903 100644
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -2256,6 +2256,7 @@ phutil_register_library_map(array(
 'PhabricatorSetupCheckPath' => 'applications/config/check/PhabricatorSetupCheckPath.php',
 'PhabricatorSetupCheckPygment' => 'applications/config/check/PhabricatorSetupCheckPygment.php',
 'PhabricatorSetupCheckRepositories' => 'applications/config/check/PhabricatorSetupCheckRepositories.php',
+ 'PhabricatorSetupCheckSecurity' => 'applications/config/check/PhabricatorSetupCheckSecurity.php',
 'PhabricatorSetupCheckStorage' => 'applications/config/check/PhabricatorSetupCheckStorage.php',
 'PhabricatorSetupCheckTimezone' => 'applications/config/check/PhabricatorSetupCheckTimezone.php',
 'PhabricatorSetupIssue' => 'applications/config/issue/PhabricatorSetupIssue.php',
@@ -5240,6 +5241,7 @@ phutil_register_library_map(array(
 'PhabricatorSetupCheckPath' => 'PhabricatorSetupCheck',
 'PhabricatorSetupCheckPygment' => 'PhabricatorSetupCheck',
 'PhabricatorSetupCheckRepositories' => 'PhabricatorSetupCheck',
+ 'PhabricatorSetupCheckSecurity' => 'PhabricatorSetupCheck',
 'PhabricatorSetupCheckStorage' => 'PhabricatorSetupCheck',
 'PhabricatorSetupCheckTimezone' => 'PhabricatorSetupCheck',
 'PhabricatorSetupIssueExample' => 'PhabricatorUIExample',
diff --git a/src/applications/config/check/PhabricatorSetupCheckSecurity.php b/src/applications/config/check/PhabricatorSetupCheckSecurity.php
new file mode 100644
index 0000000000..f399d5302d
--- /dev/null
+++ b/src/applications/config/check/PhabricatorSetupCheckSecurity.php
@@ -0,0 +1,49 @@
+ '() { :;} ; echo VULNERABLE',
+ );
+
+ list($err, $stdout) = id(new ExecFuture('echo shellshock-test'))
+ ->setEnv($payload, $wipe_process_env = true)
+ ->resolve();
+
+ if (!$err && preg_match('/VULNERABLE/', $stdout)) {
+ $summary = pht(
+ 'This system has an unpatched version of Bash with a severe, widely '.
+ 'disclosed vulnerability.');
+
+ $message = pht(
+ 'The version of %s on this system is out of date and contains a '.
+ 'major, widely disclosed vulnerability (the "Shellshock" '.
+ 'vulnerability).'.
+ "\n\n".
+ 'Upgrade %s to a patched version.'.
+ "\n\n".
+ 'To learn more about how this issue affects Phabricator, see %s.',
+ phutil_tag('tt', array(), 'bash'),
+ phutil_tag('tt', array(), 'bash'),
+ phutil_tag(
+ 'a',
+ array(
+ 'href' => 'https://secure.phabricator.com/T6185',
+ 'target' => '_blank',
+ ),
+ pht('T6185 "Shellshock" Bash Vulnerability')));
+
+ $this
+ ->newIssue('security.shellshock')
+ ->setName(pht('Severe Security Vulnerability: Unpatched Bash'))
+ ->setSummary($summary)
+ ->setMessage($message);
+ }
+
+ }
+}
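Review bot: The condition `if (!$err && preg_match('/VULNERABLE/', $stdout))` treats a probe that failed to run exactly like a clean result, so a nonzero exit raises no setup issue and leaves no trace for the administrator. The probe also exercises only whichever shell `ExecFuture` hands the command string to; if that is not bash on a given host (presumably `/bin/sh`, which some distributions point at another shell), a vulnerable bash installed alongside it would go unreported. Consider running the test through bash explicitly, e.g. `new ExecFuture('bash -c %s', 'echo shellshock-test')` (confirm bash is still found once the environment is wiped), and adding a comment above the condition such as `// A nonzero exit is treated as "not vulnerable"; a clean result only covers the shell that ran this one payload.` The start of the new file (the class header and the opening of `$payload`) is not visible in this hunk as shown, so this is based on the lines from `list($err, $stdout)` onward.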