Critical GNU InetUtils telnetd Vulnerability Allows Login Bypass and Root Access

A severe security vulnerability has been disclosed in the GNU InetUtils telnet daemon (telnetd) that has remained unnoticed for nearly 11 years. The flaw allows remote attackers to bypass authentication and gain root access on affected systems.

Vulnerability Overview

The flaw, tracked as CVE-2026-24061, carries a CVSS score of 9.8/10. It impacts all GNU InetUtils versions from 1.9.3 through 2.7.

According to the NIST National Vulnerability Database, the issue arises because telnetd improperly handles the USER environment variable. By supplying the string "-f root" as the USER value and using the -a or --login flag in telnet, an attacker can bypass authentication entirely and gain root privileges.

Technical Details

GNU contributor Simon Josefsson explained that telnetd calls /usr/bin/login (which runs as root) and passes the USER variable as a parameter. Since login interprets -f <username> as a flag to bypass authentication, sending "-f root" allows automatic login as root.
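The option-injection problem described above can be closed on the caller's side by validating the name and building the argument vector explicitly. The following is an added example, not code from GNU InetUtils or its patch; the function names, the allowed character set, the 32-character limit, and the assumption that login parses options getopt-style (so "--" ends option parsing) are all assumptions of the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The page names /usr/bin/login as the program telnetd runs. */
#define LOGIN_PATH "/usr/bin/login"

/* Accept only names that cannot be read as an option or split into several
 * arguments: non-empty, at most 32 bytes, no leading '-', and limited to
 * [A-Za-z0-9._-]. This policy is an assumption of the example. */
int is_safe_login_name(const char *user)
{
    if (user == NULL || user[0] == '\0' || user[0] == '-')
        return 0;
    size_t len = strlen(user);
    if (len > 32)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Fill argv for an exec-style call to login. Each value is exactly one argv
 * element (no shell, no whitespace splitting), and "--" ends option parsing
 * so the name is always an operand. Returns argc, or -1 on rejection. */
int build_login_argv(const char *user, const char *argv[], size_t cap)
{
    if (cap < 4 || !is_safe_login_name(user))
        return -1;
    argv[0] = LOGIN_PATH;
    argv[1] = "--";
    argv[2] = user;
    argv[3] = NULL;
    return 3;
}

int main(void)
{
    /* Constructed sample values, including the one quoted in the advisory. */
    const char *samples[] = { "alice", "-f root", "-froot", "bob smith" };
    const char *argv[4];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s -> %s\n", samples[i],
               build_login_argv(samples[i], argv, 4) < 0 ? "rejected"
                                                         : "login -- <name>");
    return 0;
}
```

Rejected names should fail the session before login is ever executed; passing them through in "sanitised" form would still hand attacker-controlled text to a root process.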

The vulnerability was introduced in a source code commit on March 19, 2015, which appeared in version 1.9.3 released on May 12, 2015. The flaw was discovered and reported by security researcher Kyu Neushwaistein (aka Carlos Cortes Alvarez) on January 19, 2026.

Observed Exploitation

Threat intelligence firm GreyNoise reported that 21 unique IP addresses attempted to exploit this flaw in the past 24 hours. The IPs, originating from Hong Kong, the U.S., Japan, the Netherlands, China, Germany, Singapore, and Thailand, have been flagged as malicious.

Recommended Mitigation

To protect systems against this critical vulnerability:

  • Apply the latest patches for GNU InetUtils immediately.
  • Restrict telnet port access to trusted networks only.

As temporary workarounds:

  • Disable the telnetd service if not needed.
  • Configure telnetd to use a custom login(1) tool that does not permit the -f parameter.

This vulnerability underscores the risks associated with legacy services like telnet, which remain active on some systems despite being outdated and insecure. Organizations are urged to review telnet usage and apply mitigations promptly.


