#cve-2026-24061

[ follow ]
#telnetd #telnet #port-23-filtering #transit-providers #greynoise #gnu-telnetd-authentication-bypass
Information security
fromTheregister
1 week ago

Infosec researchers mull curious case of Telnet ancient flaw

Tier-1 transit operators likely applied port 23 filtering after advance warning of a critical GNU InetUtils telnetd flaw (CVE-2026-24061), collapsing Telnet traffic.
Information security
fromSecurityWeek
3 weeks ago

Organizations Warned of Exploited Linux Vulnerabilities

Critical GNU Inetutils telnetd authentication bypass (CVE-2026-24061) enables remote root via crafted Telnet USER variable, and kernel integer overflow (CVE-2018-14634) permits privilege escalation.
fromThe Hacker News
4 weeks ago

Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

A critical security flaw has been disclosed in the GNU InetUtils telnet daemon ( telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7. "Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a '-f root' value for the USER environment variable," according to a description of the flaw in the NIST National Vulnerability Database (NVD).
Information security
Information security
fromTheregister
4 weeks ago

Ancient telnet bug happily hands out root to attackers

A trivial argument-injection in GNU InetUtils telnetd (CVE-2026-24061) allows remote attackers to bypass authentication and gain root access; active exploitation observed.
[ Load more ]