CVE-2026-28372

Name of the Vulnerable Software and Affected Versions GNU inetutils versions through 2.7

Description A privilege escalation issue exists in telnetd within GNU inetutils. The issue stems from improper handling of the CREDENTIALS DIRECTORY environment variable, introduced with systemd service credentials support in the login(1) implementation of util-linux release 2.40. An unprivileged local user can exploit this by creating a login.noauth file.

Recommendations Update to a version of GNU inetutils later than 2.7.