CVE-2026-24061
CISA KEV · Published January 26, 2026 · Updated April 3, 2026
What This Means
# CVE-2026-24061: GNU InetUtils telnetd Authentication Bypass

GNU InetUtils telnetd is vulnerable to argument injection through the USER environment variable, allowing unauthenticated remote attackers to bypass authentication and gain root access by injecting "-f root" into the telnet handshake. This affects telnetd instances exposed to untrusted networks, particularly legacy deployments still running telnet instead of SSH.

**Remediation**: Disable telnetd immediately and migrate to SSH, or apply the latest GNU InetUtils patch. If telnetd must remain active, restrict network access to trusted IP ranges via firewall rules and disable root login via telnet configuration.

Official Description
GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable.
Affected Products
| Vendor | Product |
|---|---|
| GNU | InetUtils |
Patch Status
Recommended Actions
- Check if your systems use any of the affected products listed above.
- Apply vendor patches immediately if available.
- This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
- Monitor vendor advisories for updates and additional mitigations.
- Review logs for indicators of compromise related to CVE-2026-24061.
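
One way to check captured telnet traffic for this pattern, as an added example that is not part of the advisory or of GNU InetUtils. It assumes the USER variable reaches telnetd through the Telnet NEW-ENVIRON option (RFC 1572); the function names and sample streams are constructed for illustration.

```python
IAC, SB, SE, NEW_ENVIRON = 255, 250, 240, 39             # RFC 854 commands; RFC 1572 option code
IS, INFO, VAR, VALUE, ESC, USERVAR = 0, 2, 0, 1, 2, 3    # RFC 1572 suboption codes

def subnegotiations(stream: bytes):
    """Yield NEW-ENVIRON suboption payloads from the client side of a session."""
    i, n = 0, len(stream)
    while i < n - 1:
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] != SB:
            i += 3 if 251 <= stream[i + 1] <= 254 else 2  # WILL..DONT carry an option byte
        else:
            j, body = i + 2, bytearray()
            while j < n - 1 and stream[j:j + 2] != bytes([IAC, SE]):
                if stream[j:j + 2] == bytes([IAC, IAC]):
                    j += 1                                # un-double an escaped 0xFF
                body.append(stream[j])
                j += 1
            if j < n - 1 and body[:1] == bytes([NEW_ENVIRON]):
                yield bytes(body[1:])                     # unterminated blocks are dropped
            i = j + 2

def parse_env(payload: bytes) -> dict:
    """Decode name/value pairs from an IS or INFO payload."""
    env, name, kind, buf = {}, None, None, bytearray()
    if payload[:1] not in (bytes([IS]), bytes([INFO])):
        return env
    it = iter(payload[1:] + bytes([VAR, VAR]))  # trailing markers flush the last field
    for b in it:
        if b == ESC:
            buf.append(next(it))                          # escaped literal byte
        elif b in (VAR, VALUE, USERVAR):
            if kind == VALUE and name is not None:
                env[name] = buf.decode("latin-1")
            elif kind is not None:
                name = buf.decode("latin-1")
            kind, buf = b, bytearray()
        else:
            buf.append(b)
    return env

def suspicious_user(stream: bytes) -> list:
    """Return USER values that start with '-', i.e. look like a command-line option."""
    values = (parse_env(p).get("USER") for p in subnegotiations(stream))
    return [v for v in values if v is not None and v.lstrip().startswith("-")]

HEAD = bytes([IAC, SB, NEW_ENVIRON, IS, VAR]) + b"USER" + bytes([VALUE])  # constructed samples
BENIGN = HEAD + b"alice" + bytes([IAC, SE])
FLAGGED = HEAD + b"-f root" + bytes([IAC, SE])   # the value named in the advisory
```

Feed `suspicious_user` the reassembled client-to-server bytes of each telnet session; any non-empty result is a session to investigate.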