Organizations Warned of Exploited Linux Vulnerabilities
"CVE-2026-24061 was introduced in GNU Inetutils version 1.9.3, which was released in May 2015, and impacts all iterations up to and including version 2.7, which was rolled out in December 2025. Within days of the flaw's public disclosure on January 20, GreyNoise reported seeing 60 exploitation attempts from 18 unique attack sources. The attacks involved reconnaissance, SSH persistence, and malware deployment."
"The second Linux issue added to the KEV catalog this week is CVE-2018-14634 (CVSS score of 7.8), an integer overflow vulnerability in the kernel that could allow an attacker with access to a privileged binary to escalate their privileges to root. Qualys, which discovered and reported the vulnerability, said in September 2018 that exploitation was possible on systems with at least 32GB of RAM, due to attack requirements."
CISA added five flaws to the Known Exploited Vulnerabilities catalog, including two Linux vulnerabilities. CVE-2026-24061 is a critical authentication bypass in GNU telnetd caused by unsanitized USER environment variable handling that permits supplying an '-f' flag to bypass authentication and obtain a root shell. The bug affects GNU Inetutils versions 1.9.3 through 2.7 and was observed being exploited within days of disclosure. CVE-2018-14634 is a kernel integer overflow that can allow privilege escalation to root when an attacker can access a privileged binary; exploitation was reported to require systems with at least 32GB of RAM. Administrators should inventory exposed Telnet services, remediate vulnerable GNU telnetd installations, and review privileged binaries for risk.
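As an added example for the inventory step (not code from SecurityWeek, CISA or the Inetutils project), the sketch below flags package inventory rows whose upstream GNU Inetutils version falls in the 1.9.3 through 2.7 range stated above. The `host package version` row format, the sample rows and the "inetutils" package-name match are assumptions made for the illustration.

```python
import re

# Affected upstream range as stated on this page: 1.9.3 through 2.7, inclusive.
AFFECTED_MIN = (1, 9, 3)
AFFECTED_MAX = (2, 7)

def upstream_version(pkg_version):
    """Reduce a distro package version to its upstream numeric tuple.

    Drops a leading epoch ("2:") and any packaging revision after the first
    "-", "+" or "~". Returns None when no dotted-integer version remains.
    """
    v = pkg_version.strip().split(":", 1)[-1]
    v = re.split(r"[-+~]", v, maxsplit=1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        return None
    return tuple(int(p) for p in v.split("."))

def _pad(t, n=3):
    # Pad short versions with zeros so that 2.7 compares as 2.7.0.
    return t + (0,) * (n - len(t))

def classify(pkg_version):
    up = upstream_version(pkg_version)
    if up is None:
        return "unknown"  # unparseable: needs a manual look
    if _pad(AFFECTED_MIN) <= _pad(up) <= _pad(AFFECTED_MAX):
        # A distro may backport a fix without changing the upstream version,
        # so this is a review flag, not proof that the host is vulnerable.
        return "in-affected-range"
    return "outside-range"

def flag_hosts(inventory_text):
    """Return (host, version, status) for Inetutils rows that need review."""
    flagged = []
    for line in inventory_text.strip().splitlines():
        host, package, version = line.split()
        if "inetutils" in package and classify(version) != "outside-range":
            flagged.append((host, version, classify(version)))
    return flagged

# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE = """
web01 inetutils-telnetd 2:2.5-3ubuntu1
lab07 inetutils-telnetd 1.9.2-4
old02 inetutils 1.9.4-11
edge3 inetutils-telnetd git-snapshot
db05 openssh-server 1:9.6p1-3
"""

if __name__ == "__main__":
    for row in flag_hosts(SAMPLE):
        print(*row)
```

Rows reported as `unknown` are kept in the output on purpose, since a version string that cannot be parsed cannot be ruled out.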
Read at SecurityWeek