CVE-2026-28372

CVE-2026-28372 affects telnetd in GNU inetutils up to version 2.7. The root cause is that login(1) in util-linux 2.40 added systemd service credentials support, enabling a local unprivileged user to influence the CREDENTIALS_DIRECTORY environment variable and create a login.noauth file, which can...

CVE-2026-28372

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...

PT-2026-22300

Name of the Vulnerable Software and Affected Versions GNU inetutils versions through 2.7 Description A privilege escalation issue exists in telnetd within GNU inetutils. The issue stems from improper handling of the CREDENTIALS DIRECTORY environment variable, introduced with systemd service...

CVE-2026-28372

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...

PT-2026-28575

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus is a system container and virtual machine manager. Incus instances allow providing credentials to systemd within the guest environment, managed through a shared directory for containers. Prior t...