Vulnerability
Remote telnetd bypass reaches root on GNU InetUtils
Updated 14.02.2026 18:02
Case score 59
Why this score?
Case score is a discovery signal based on public evidence, not a guaranteed risk rating. Use it to decide what to review first, then verify important details from the linked sources.
- Total
- 59
- Main story score
- 59
- Related evidence lift
- +0 / 20
- Contributing updates
- 0
- Context updates
- 0
Top contributors
- Vulnerability Critical GNU InetUtils telnetd remote authentication bypass with active probing observed after disclosure. main
Case score 59
Members 1
Latest activity 14.02.2026 18:02
Active exploitation
Patch available
CVSS: 9.8 Critical
Members 1
First seen 22.01.2026 18:30
Last seen 22.01.2026 18:30
Updated 14.02.2026 18:02
Overview
A critical remote authentication bypass in **GNU InetUtils telnetd** lets remote clients skip login and reach **root** on affected releases. **CVE-2026-24061** affects **GNU InetUtils 1.9.3 through 2.7**, and probing has already been observed from multiple countries after disclosure.
Patch, restrict telnet to trusted clients, or disable telnetd; a custom `login(1)` that rejects `-f` is another mitigation. Available evidence confirms active probing, but successful compromise and victim counts are not established.
Attackers are probing a critical remote authentication bypass in **GNU InetUtils telnetd** that can let a remote client skip login and reach **root** on affected systems. The flaw is tracked as **CVE-2026-24061** and affects **GNU InetUtils 1.9.3 through 2.7**. A crafted `USER` value of `-f root` sent with telnet `-a` or `--login` can reach `login(1)` without proper sanitization because telnetd forwards the value into `login(1)`, which treats `-f` as a request to bypass authentication.
The issue was introduced in a March 19, 2015 code change and disclosed on 2026-01-22 after a researcher reported the sanitization flaw. GreyNoise has observed 21 unique IP addresses from multiple countries attempting exploitation within 24 hours of disclosure. Recommended actions are to patch, restrict telnet access to trusted clients, disable telnetd, or use a custom `login(1)` implementation that rejects `-f`.
Signals
4 derivedImpact signals
Exploitation
Exploitation
Active exploitation
CVSS
9.8 Critical
CVEs/products
CVE
Remediation
Remediation
Patch available
Member happenings
1 related
Vulnerability
GNU InetUtils telnetd remote authentication bypass (CVE-2026-24061)
Exploitation
Active Exploitation
CVSS
9.8 Critical
Patch
Patch Available
Vulnerability
GNU InetUtils telnetd remote authentication bypass (CVE-2026-24061)
Exploitation
Active Exploitation
CVSS
9.8 Critical
Patch
Patch Available