CISA added five vulnerabilities to its Known Exploited Vulnerabilities catalog, including two Linux flaws: a critical GNU Inetutils telnetd authentication bypass (CVE-2026-24061) and a kernel integer overflow (CVE-2018-14634). Exploit activity was observed for the telnetd bug and CISA urged federal agencies to remediate all five issues — which also include two SmarterMail bugs and a Microsoft Office zero-day — by February 16.
Key points
- CISA added five flaws to the KEV catalog, highlighting active exploitation concerns.
- CVE-2026-24061 is a critical authentication bypass in GNU telnetd that can lead to remote code execution and root shells by manipulating the USER environment variable.
- GreyNoise reported 60 exploitation attempts from 18 unique sources shortly after CVE-2026-24061 was disclosed.
- CVE-2018-14634 is a kernel integer overflow that can enable privilege escalation on systems with at least 32GB of RAM; there were no prior reports of in-the-wild exploitation.
- CISA directed federal agencies to address all five vulnerabilities, including two SmarterMail bugs and a Microsoft Office zero-day, by February 16.
Read More: https://www.securityweek.com/organizations-warned-of-exploited-linux-vulnerabilities/