CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Critical Linux Vulnerabilities Exploited in the Wild

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

CISA added two Linux vulnerabilities to its KEV catalog, including a critical authentication bypass in GNU Inetutils (CVE-2026-24061) and an integer overflow in the Linux kernel (CVE-2018-14634). The GNU Inetutils flaw has been actively exploited, with reports of 60 exploitation attempts from 18 unique sources. The vulnerabilities affect various versions of Linux systems, with potential for remote code execution and privilege escalation.

Timeline

  1. 27.01.2026 12:37 1 articles · 23h ago

    CISA Adds Critical Linux Vulnerabilities to KEV Catalog

    CISA expanded the KEV catalog with two Linux vulnerabilities, including a critical authentication bypass in GNU Inetutils (CVE-2026-24061) and an integer overflow in the Linux kernel (CVE-2018-14634). The GNU Inetutils flaw has been actively exploited, with reports of 60 exploitation attempts from 18 unique sources. CISA also added two SmarterMail bugs and a Microsoft Office zero-day to the catalog, urging federal agencies to address all five bugs by February 16.

    Show sources
    Open in new tab

Information Snippets

  • CVE-2026-24061 is a critical-severity authentication bypass in GNU Inetutils with a CVSS score of 9.8.

    First reported: 27.01.2026 12:37
    1 source, 1 article
    Show sources

  • CVE-2026-24061 affects GNU Inetutils versions 1.9.3 to 2.7, allowing attackers to bypass authentication and gain a root shell.

    First reported: 27.01.2026 12:37
    1 source, 1 article
    Show sources

  • GreyNoise reported 60 exploitation attempts of CVE-2026-24061 from 18 unique attack sources within days of its public disclosure.

    First reported: 27.01.2026 12:37
    1 source, 1 article
    Show sources

  • CVE-2018-14634 is an integer overflow vulnerability in the Linux kernel with a CVSS score of 7.8, requiring at least 32GB of RAM for exploitation.

    First reported: 27.01.2026 12:37
    1 source, 1 article
    Show sources

  • CISA added two SmarterMail bugs and a Microsoft Office zero-day to the KEV catalog, urging federal agencies to address all five bugs by February 16.

    First reported: 27.01.2026 12:37
    1 source, 1 article
    Show sources

Similar Happenings

Critical Grist-Core Vulnerability Enables RCE via Spreadsheet Formulas

A critical vulnerability in Grist-Core, an open-source relational spreadsheet-database, allows remote code execution (RCE) through malicious spreadsheet formulas. The flaw, codenamed Cellbreak (CVE-2026-24002, CVSS score: 9.1), enables attackers to execute OS commands or host-runtime JavaScript, collapsing the boundary between cell logic and host execution. The issue stems from a sandbox escape in the Pyodide sandboxing method, which is used for Python formula execution. Grist has released version 1.7.9 to address the vulnerability, and users are advised to update immediately. The vulnerability was uncovered by Cyera Research Labs and affects both managed SaaS and self-hosted environments, increasing the impact of the flaw. Grist adoption includes government, higher-education organizations, and commercial teams in marketing and game design.

Open in new tab