GNU Inetutils Telnet Authentication Bypass Exploit CVE-2026-24061

The telnetd service from GNU InetUtils is vulnerable to authentication-bypass, tracked as CVE-2026-24061, in versions up to version 2.7. During Telnet authentication the SB byte can be sent to indicate sub-negotiation which allows for the exchange of sub-option parameters after both parties have...

K000159869: Telnetd vulnerability CVE-2026-24061

Security Advisory Description Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable. CVE-2026-24061 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

📄 GNU Inetutils 2.7 Telnet Authentication Bypass Scanner

GNU Inetutils version 2.7 telnet authentication bypass scanner that leverages a crafted USER value. This vulnerability is tracked as CVE-2026-24061 and is conceptually related to historical Telnet NEW-ENVIRON issues such as CVE-1999-0192, but affects modern GNU Inetutils implementations...

GNU InetUtils Argument Injection Vulnerability

GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable...

telnetd argument injection vulnerability

Added: 01/26/2026 Background The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd. Problem The telnetd program included in GNU Inetutils allows authentication to be bypassed with a ...

SUSE CVE-2026-24061

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable...

VulnCheck KEV: CVE-2026-24061

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable...

GNU InetUtils Telnetd Remote Authentication Bypass Vulnerability

GNU InetUtils telnetd is a telnet service daemon in the GNU InetUtils suite that listens on TCP port 23 and provides clients with plaintext terminal access based on the Telnet protocol. A remote authentication bypass vulnerability exists in GNU InetUtils Telnetd, which can be exploited to bypass...

Debian dsa-6106 : inetutils - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6106 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6106-1 [email protected] https://www.debian.org/security/...

Vulnerability fixed in GNU Inetutils telnetd

Security researchers have found a a vulnerability in Inetutils telnetd version 2.7. This vulnerability has been present since version 1.9.3 that came out in 2015, according to the researchers. The vulnerability is in the way the telnetd service handles the USER environment variable. By setting th...

CVE-2026-24061

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable...

CVE-2026-24061

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable...

BIT-NODE-MIN-2023-30585

A vulnerability has been identified in the Node.js .msi version installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM...

DIRAC: Unauthorized users can read proxy contents during generation

Impact During the proxy generation process e.g., when using dirac-proxy-init it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a...

FreeBSD : golddig -- local buffer overflow vulnerabilities (949c470e-528f-11d9-ac20-00065be4b5b6)

Two buffer overflow vulnerabilities where detected. Both issues can be used by local users to gain group games privileges on affected systems. The first overflow exists in the map name handling and can be triggered when a very long name is given to the program during command-line execution The...