CVE-2026-24061
In short
A flaw in telnetd (a remote login service) allows attackers to bypass authentication and gain direct access as the root user by manipulating the USER environment variable. This is critical because it gives complete control of the system to unauthorized users.
Technical detail
telnetd in GNU Inetutils versions up to 2.7 fails to properly validate the USER environment variable, allowing remote attackers to bypass authentication by setting USER to "-f root". This enables unauthenticated remote code execution with root privileges. The vulnerability affects systems with telnetd enabled and exposed to untrusted networks.
Summary generated and translated by AI from the official description.
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
GNU · Inetutils
Public PoCs found — 11
github: github.com/jacubes/CVE-2026-24061 (★ 202)
github: github.com/ekomsSavior/telnet_scan (★ 11)
github: github.com/tc4dy/CVE-2026-24061-PoC-Exploit (★ 3)
github: github.com/K3ysTr0K3R/CVE-2026-24061 (★ 1)
github: github.com/akpmarcelin/CVE-2026-24061-lab (★ 0)
github: github.com/anxs3c/CVE-2026-24061-GNU-InetUtils-telnetd (★ 0)
github: github.com/obrunolima1910/CVE-2026-24061 (★ 0)
github: github.com/athack-ctf/chall2026-telneted (★ 0)
github: github.com/ahmadsadeeq/TelnetdBypass- (★ 0)
exploitdb: www.exploit-db.com/exploits/52524 (unverified)
cve_reference: www.openwall.com/lists/oss-security/2026/01/20/2#:~:text=root@...a%3A~%20USER=' (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc
https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b
https://lists.debian.org/debian-lts-announce/2026/01/msg00025.html
https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24061
https://www.gnu.org/software/inetutils/
https://www.labs.greynoise.io/grimoire/2026-01-22-f-around-and-find-out-18-hours-of-unsolicited-houseguests/index.html
https://www.openwall.com/lists/oss-security/2026/01/20/2
https://www.openwall.com/lists/oss-security/2026/01/20/2#:~:text=root@...a%3A~%20USER='
https://www.openwall.com/lists/oss-security/2026/01/20/8
https://www.vicarius.io/vsociety/posts/cve-2026-24061-detection-script-remote-authentication-bypass-in-gnu-inetutils-package
https://www.vicarius.io/vsociety/posts/cve-2026-24061-mitigation-script-remote-authentication-bypass-in-gnu-inetutils-package