#cve-2026-24061

[ follow ]
#telnetd #gnu-telnetd-authentication-bypass #cve-2018-14634-kernel-overflow #cisa-kev-catalog #gnu-inetutils
Information security
fromSecurityWeek
2 days ago

Organizations Warned of Exploited Linux Vulnerabilities

Critical GNU Inetutils telnetd authentication bypass (CVE-2026-24061) enables remote root via crafted Telnet USER variable, and kernel integer overflow (CVE-2018-14634) permits privilege escalation.
fromThe Hacker News
1 week ago

Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

A critical security flaw has been disclosed in the GNU InetUtils telnet daemon ( telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7. "Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a '-f root' value for the USER environment variable," according to a description of the flaw in the NIST National Vulnerability Database (NVD).
Information security
Information security
fromTheregister
1 week ago

Ancient telnet bug happily hands out root to attackers

A trivial argument-injection in GNU InetUtils telnetd (CVE-2026-24061) allows remote attackers to bypass authentication and gain root access; active exploitation observed.
[ Load more ]