Remote telnetd bypass reaches root on GNU InetUtils

Attackers are probing a critical remote authentication bypass in **GNU InetUtils telnetd** that can let a remote client skip login and reach **root** on affected systems. The flaw is tracked as **CVE-2026-24061** and affects **GNU InetUtils 1.9.3 through 2.7**. A crafted `USER` value of `-f root` sent with telnet `-a` or `--login` can reach `login(1)` without proper sanitization because telnetd forwards the value into `login(1)`, which treats `-f` as a request to bypass authentication. The issue was introduced in a March 19, 2015 code change and disclosed on 2026-01-22 after a researcher reported the sanitization flaw. GreyNoise has observed 21 unique IP addresses from multiple countries attempting exploitation within 24 hours of disclosure. Recommended actions are to patch, restrict telnet access to trusted clients, disable telnetd, or use a custom `login(1)` implementation that rejects `-f`.