Description
A critical flaw exists in the telnetd service within GNU Inetutils that allows remote authentication bypass. This issue, present for approximately 11 years, enables attackers to gain root access by manipulating the USER environment variable. Specifically, setting the USER variable to '-f root' circumvents normal authentication processes. The vulnerability resides in how the telnetd server passes the USER environment variable to the /usr/bin/login program without proper sanitization. Active exploitation of this vulnerability has been observed, with reports indicating attempts from multiple countries. Approximately 41,000 instances are exposed. The vulnerability affects the /usr/bin/login program, which is normally executed as root.
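An added example (not taken from the advisory or from the GNU Inetutils source) of the sanitization the description says is missing: the USER value is validated before it becomes an argument to /usr/bin/login. The function names, the 32-character limit, the allowed character set and the `--` end-of-options marker (which assumes a getopt-style login) are assumptions of this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LOGIN_PATH "/usr/bin/login"   /* path named in the advisory */
#define MAX_USER_LEN 32               /* assumed limit for this example */

/* Hypothetical check: true only if the value can be a login name and can
 * never be parsed as an option or split into several arguments. */
bool user_is_safe(const char *user)
{
    size_t len = strlen(user);
    if (len == 0 || len > MAX_USER_LEN || user[0] == '-')
        return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return false;               /* rejects spaces, quotes, control bytes */
    }
    return true;
}

/* Fill argv for the login program. Returns argc, or -1 when the value is
 * rejected. argv must have room for 4 pointers. */
int build_login_argv(const char *user, const char *argv[4])
{
    int n = 0;
    argv[n++] = LOGIN_PATH;
    if (user != NULL && user[0] != '\0') {
        if (!user_is_safe(user))
            return -1;                  /* refuse rather than guess */
        argv[n++] = "--";               /* end of options (assumed getopt-style login) */
        argv[n++] = user;
    }
    argv[n] = NULL;                     /* unset USER: login prompts for a name */
    return n;
}

int main(void)
{
    const char *samples[] = { "alice", "-f root", "root -f", NULL };  /* constructed */
    const char *argv[4];
    for (int i = 0; i < 4; i++)
        printf("%-10s -> %d\n", samples[i] ? samples[i] : "(unset)",
               build_login_argv(samples[i], argv));
    return 0;
}
```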
Recommendations
Disable the telnetd service immediately and migrate to secure alternatives like SSH.
If telnetd usage is unavoidable, restrict network access to trusted internal sources only.