
CVE-2026-24061: GNU Inetutils telnetd Remote Authentication Bypass


Filip Dimitrov

January 23, 2026

CVE-2026-24061 is a pre-authentication remote authentication bypass in GNU Inetutils telnetd. The flaw carries a Critical CVSS v3.1 base score of 9.8 and can give an attacker root access, because telnetd passes the client-supplied USER environment variable to the system login program without sanitizing it as a command-line argument.

Open-source reporting indicates exploitation exists “in the wild,” and defenders should treat exposed telnetd services as immediately high risk.

Affected Products

GNU Inetutils telnetd versions 1.9.3 through 2.7 (inclusive)

Technical Details

telnetd can accept environment options from a remote Telnet client. In vulnerable versions, the daemon passes the client-supplied USER value into the underlying login invocation without neutralizing argument delimiters, so a value that begins with a dash is parsed by login as an option rather than as a username. This is a classic argument injection.

A known abuse case is setting USER to -f root.

On many systems, login -f <user> signals that the user has already been authenticated, so login skips the password prompt; with USER set to -f root this can result in a root login without a password. Exact behaviour varies by distribution and login configuration, but the risk is severe wherever telnetd is reachable.
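To make the argument-injection point concrete, here is an added illustration (not GNU Inetutils code, and not the project's actual fix) of the pattern a daemon must apply before handing a client-supplied name to login: treat the value as data, refuse anything option-shaped, and only then append it as the final positional argument. The function names, the 32-character limit, the argv layout and the sample inputs are assumptions for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not GNU Inetutils code: a conservative gate for a
 * client-supplied USER value before it is placed on the login(1)
 * command line. Names and limits here are illustrative assumptions. */

#define MAX_USER_LEN 32   /* assumed limit; real systems may differ */

/* Returns 1 if `user` may be passed to login as a positional argument,
 * 0 otherwise. A value beginning with '-' would be parsed by login as an
 * option (the advisory's "-f root" case), so it is rejected outright, as
 * are empty, over-long and non-[A-Za-z0-9._-] values. This is a purely
 * syntactic check, not an authorization decision: "root" passes and login
 * will then ask for root's password as usual. */
int user_arg_is_safe(const char *user)
{
    if (user == NULL || user[0] == '\0' || user[0] == '-')
        return 0;
    size_t n = strlen(user);
    if (n > MAX_USER_LEN)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Fills argv for "login -h <host> <user>" and returns the argument count,
 * or -1 if the user value fails the check above or argv is too small.
 * The user value is only ever appended as the last positional argument;
 * it is never interpolated into an option. `cap` is the number of slots
 * in argv, including the terminating NULL. */
int build_login_argv(const char *user, const char *host, char **argv, size_t cap)
{
    if (cap < 5 || !user_arg_is_safe(user))
        return -1;
    int argc = 0;
    argv[argc++] = "login";
    argv[argc++] = "-h";
    argv[argc++] = (char *)host;
    argv[argc++] = (char *)user;   /* data, never an option */
    argv[argc] = NULL;
    return argc;
}

int main(void)
{
    /* Constructed inputs: benign names plus the option-shaped value
     * named in the advisory. The host address is a documentation range. */
    const char *samples[] = { "alice", "root", "-f root", "-froot", "" };
    char *argv[8];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int argc = build_login_argv(samples[i], "198.51.100.7", argv, 8);
        printf("%-10s -> %s\n", samples[i],
               argc < 0 ? "rejected" : "accepted as positional argument");
    }
    return 0;
}
```

The design choice worth noting is that the check happens before the value reaches the argv array at all; sanitizing by stripping characters after the fact is brittle, whereas rejecting any leading dash and any character outside a small allow-list closes the whole class of option injection rather than one known payload.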

Exploitation Conditions

  • Network-reachable telnetd (typically TCP/23)
  • No credentials required (pre-authentication)
  • Low attack complexity, high impact (confidentiality, integrity and availability all rated High in the CNA's CVSS vector)

Impact

Successful exploitation of this vulnerability can result in remote root access, giving an attacker full control over the affected system.

With root-level privileges, adversaries can completely compromise the host, including establishing persistence, moving laterally within the environment, exfiltrating sensitive data, or performing destructive actions.

Mitigation and Remediation

  1. Disable Telnet (telnetd) entirely. Telnet is insecure by design and should not be used for remote administration.
  2. If Telnet cannot be removed immediately:
    • Restrict access to Telnet port(s) to a tightly controlled admin subnet (firewall rules / ACLs / segmentation).

Patching

  • Upgrade to a fixed version beyond 2.7 once available in your distribution/appliance channel.
  • Some distros may backport patches; follow vendor guidance (e.g., Ubuntu provides patch references for inetutils).

Hardening

  • Identify and remove legacy remote access paths (Telnet, rsh/rlogin equivalents).
  • Ensure remote admin is via SSH with MFA where feasible.

Stay Safe. Stay Secure.

OP Innovate Research Team
