Detections
Analytics

CVE-2026-24061

critical

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

References

https://www.vicarius.io/vsociety/posts/cve-2026-24061-mitigation-script-remote-authentication-bypass-in-gnu-inetutils-package

https://www.vicarius.io/vsociety/posts/cve-2026-24061-detection-script-remote-authentication-bypass-in-gnu-inetutils-package

https://www.openwall.com/lists/oss-security/2026/01/20/2#:~:[email protected]%3A~%20USER='

https://lists.debian.org/debian-lts-announce/2026/01/msg00025.html

https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html

https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/

https://www.greynoise.io/blog/active-ivanti-exploitation

https://www.securityweek.com/organizations-warned-of-exploited-linux-vulnerabilities/

https://www.databreachtoday.com/telnet-flaw-800000-servers-at-risk-amid-active-attacks-a-30604

https://www.darkreading.com/ics-ot-security/critical-telnet-server-flaw-forgotten-attack-surface

https://securityaffairs.com/187375/security/u-s-cisa-adds-microsoft-office-gnu-inetutils-smartertools-smartermail-and-linux-kernel-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://www.cisa.gov/news-events/alerts/2026/01/26/cisa-adds-five-known-exploited-vulnerabilities-catalog

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-telnetd-auth-bypass-flaw-to-get-root/

https://www.theregister.com/2026/02/11/were_telcos_tipped_off_to/

https://www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/

https://securityaffairs.com/187255/security/11-year-old-critical-telnetd-flaw-found-in-gnu-inetutils-cve-2026-24061.html

https://www.theregister.com/2026/01/22/root_telnet_bug/

https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html

https://www.openwall.com/lists/oss-security/2026/01/20/8

https://www.openwall.com/lists/oss-security/2026/01/20/2

https://www.gnu.org/software/inetutils/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24061

https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html

https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b

https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc

http://www.openwall.com/lists/oss-security/2026/01/22/1

Details

Source: Mitre, NVD

Published: 2026-01-21

Updated: 2026-02-11

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.8389

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability Being Monitored