A critical authentication bypass vulnerability (CVE-2026-24061) in the GNU InetUtils telnet daemon (telnetd), affecting versions 1.9.3 through 2.7, allows remote attackers to gain root by supplying a crafted USER environment value. The flaw, introduced in 2015 and reported in January 2026, is being actively probed in the wild and should be mitigated by applying patches, restricting telnet access, or disabling the service.
Key points
- CVE-2026-24061 is a remote authentication bypass in telnetd affecting GNU InetUtils 1.9.3 through 2.7.
- Supplying a USER value of "-f root" causes login(1) to bypass authentication and grant root access.
- The vulnerability was introduced by a March 19, 2015 commit and shipped in the 1.9.3 release.
- Security researcher Kyu Neushwaistein (Carlos Cortes Alvarez) reported the flaw on January 19, 2026.
- Active probes from 21 IPs have been observed; mitigations include patching, restricting telnet access, disabling telnetd, or using a custom login that disallows the "-f" flag.
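
One way to build the "custom login that disallows the -f flag" mitigation from the last key point is an allowlisting wrapper in front of login(1). This is an added example, not code from GNU InetUtils or from the article; the argument shape `-p -h <host> [<user>]`, the path `/bin/login` and the file name `login-wrapper` are assumptions to adapt to the deployment.

```shell
#!/bin/sh
# Added example: allowlisting wrapper in front of login(1).
# Assumption: telnetd invokes it as  <wrapper> -p -h <remote-host> [<user>]
REAL_LOGIN=/bin/login   # assumed path of the real login(1)

# Return 0 only when every argument is one we expect. Anything else,
# including -f in any spelling, is refused.
login_args_allowed() {
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -p) shift ;;
            -h)
                # -h needs a value, and the value must not look like an option
                [ "$#" -ge 2 ] || return 1
                case "$2" in ''|-*) return 1 ;; esac
                shift 2 ;;
            -*) return 1 ;;   # -f, -froot, -pf, "-f root", --, unknown flags
            *)
                # a user name must be the last argument and use plain characters
                [ "$#" -eq 1 ] || return 1
                case "$1" in
                    ''|*[!A-Za-z0-9._-]*) return 1 ;;
                esac
                shift ;;
        esac
    done
    return 0
}

# Hand over to the real login(1) only for an accepted argument list.
safe_login() {
    if login_args_allowed "$@"; then
        exec "$REAL_LOGIN" "$@"
    fi
    logger -p auth.warning -t login-wrapper "refused login arguments: $*" \
        2>/dev/null || true
    return 1
}

# Run only when installed under the (hypothetical) name login-wrapper.
case "${0##*/}" in
    login-wrapper) safe_login "$@" ;;
esac
```

The wrapper rejects by default rather than searching for `-f` alone, so a value that reaches it as one argument ("-f root") or glued to other flags is refused as well. It does not replace patching or taking telnetd off the network.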
Read More: https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html