PT-2026-3756 · Gnu · Inetutils
Author Carlos Cortes Alvarez · Published 2026-01-20 · Updated 2026-03-18
CVE-2026-24061
CVSS v2.0 10 (Critical) AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: GNU Inetutils versions 1.9.3 through 2.7
Description: A critical vulnerability in the telnetd component of GNU Inetutils allows remote attackers to bypass authentication and gain root access. The telnetd server accepts the USER environment variable from the client, which is normally used to pre-populate the username during authentication, and passes its value unsanitized to the login program. By setting USER to "-f root", an attacker causes login to interpret the value as its "-f" flag, which bypasses interactive authentication, so access is granted without a password. The flaw stems from improper input validation, has been present since 2015, and has recently been actively exploited. Approximately 800,000 systems are estimated to be vulnerable. A successful attack gives full control of the compromised system, potentially leading to malware installation, data exfiltration, and lateral movement within a network.
Recommendations: Upgrade to GNU Inetutils version 2.8 or later. If upgrading is not immediately possible, disable the telnetd service entirely. If it must remain enabled, restrict access to trusted IP addresses. Monitor system logs for suspicious login attempts and unusual activity.
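The missing input check and the log triage the recommendations call for, as an added illustration in Python (not GNU Inetutils code or its patch): a launcher that refuses to hand an option-looking USER value to login(1), and a scan over constructed log lines for such values. The login options used ("-p", "-h") and the log line format are assumptions.

```python
import re

# Allow-list for a plain account name: portable username alphabet, no leading
# dash (which the receiving program would parse as an option) and no whitespace
# (which could smuggle in a second token). This is an added check, not the
# project's own fix.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def validate_login_name(value: str) -> bool:
    """Return True only if value is a plain account name safe to pass as argv."""
    if not value or value[0] == "-":          # "-f root" fails here
        return False
    if any(ch.isspace() for ch in value):     # reject embedded tokens
        return False
    return USERNAME_RE.match(value) is not None


def build_login_argv(remote_host: str, user: str) -> list:
    """Build the argv a launcher would hand to login(1), refusing unsafe names.

    The option set (-p, -h) is an assumption about how the launcher invokes login.
    """
    if not validate_login_name(user):
        raise ValueError("refusing to pass unsafe login name %r to login" % user)
    return ["login", "-p", "-h", remote_host, user]


# Constructed sample log lines (not real telnetd output) for a triage pass.
SAMPLE_LOG = """\
telnetd[4101]: login attempt user='alice' from 198.51.100.7
telnetd[4102]: login attempt user='-f root' from 203.0.113.9
telnetd[4103]: login attempt user='bob' from 198.51.100.8
telnetd[4104]: login attempt user='-p' from 203.0.113.9
"""
LOG_RE = re.compile(r"user='([^']*)' from (\S+)")


def flag_suspicious_logins(log_text: str) -> list:
    """Return (user, source) pairs whose user value fails the allow-list check."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and not validate_login_name(m.group(1)):
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for user, src in flag_suspicious_logins(SAMPLE_LOG):
        print("suspicious login name %r from %s" % (user, src))
```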

Exploit

Fix

RCE

Argument Injection

Weakness Enumeration

Related Identifiers

BDU:2026-00709
CVE-2026-24061
TELNETDCVE_2026_24061
USN-7992-1
USN-7992-2

Affected Products

Inetutils
Linuxmint
Ubuntu