Back to Live Pulse

Critical

Inetutils

Argument Injection

CVE-2026-24061

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Proof of Concept (POC) Links

Explore how this vulnerability can be reproduced or exploited.

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24061 https://www.labs.greynoise.io/grimoire/2026-01-22-f-around-and-find-out-18-hours-of-unsolicited-houseguests/index.html