CVE-2026-24061
BaseFortify

Publication date: 2026-01-21

Last updated on: 2026-02-11

Assigner: MITRE

Description
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-01-21
EPSS Evaluated: 2026-06-15
NVD
Affected Vendors & Products (2 associated CPEs)
Vendor | Product | Version / Range
gnu | inetutils | From 1.9.3 (inc) to 2.7 (inc)
debian | debian_linux | 11.0
CWE
CWE-88: The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24061 is a remote authentication bypass vulnerability in the telnetd daemon of GNU InetUtils versions 1.9.3 through 2.7. The issue arises because telnetd does not sanitize the USER environment variable sent by the telnet client before placing it on the login program's command line. If an attacker sets USER to the value '-f root', telnetd passes it through unchanged, and login treats '-f root' as its -f option, logging in directly as root without authentication. This lack of sanitization allows an attacker to gain root access remotely without providing valid credentials. [2, 3]

Impact Analysis

This vulnerability allows an attacker to bypass authentication remotely and gain root-level access on the affected system running telnetd from GNU InetUtils. This means an attacker can fully control the system without needing valid login credentials, potentially leading to complete system compromise, unauthorized data access, and further exploitation. [2, 3]

Detection Guidance

You can detect this vulnerability by checking if your system is running GNU InetUtils telnetd versions 1.9.3 through 2.7, which are known to be vulnerable. Additionally, testing for the vulnerability can be done by attempting to connect to the telnetd server with a USER environment variable set to '-f root' using the telnet client with the '-a' or '--login' option. For example, on a vulnerable system, setting USER='-f root' and running 'telnet -a localhost' would result in a root login without authentication. To check the version of inetutils-telnetd installed, you can use commands like 'telnetd --version' or check the package version via your package manager (e.g., 'dpkg -l | grep inetutils-telnetd' on Debian-based systems). [3]

Mitigation Strategies

Immediate mitigation steps include:
1) Avoid running the telnetd server if possible.
2) Restrict network access to the telnet port to trusted clients only.
3) Apply patches that sanitize the USER environment variable and other variables used in the login command line expansion.
4) Upgrade to a version of GNU InetUtils that includes the fix for this vulnerability.
5) As a workaround, disable telnetd or configure it to use a custom login program that disallows the '-f' parameter.
These steps help prevent remote authentication bypass via the USER environment variable. [3]
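The sanitization that step 3 calls for, as an added C example that is not inetutils' own code: a client-supplied user name is accepted only if it cannot be read as an option by login's parser, and the argument vector is built only after that check. MAX_USER_LEN, user_arg_is_safe and build_login_argv are assumed names introduced here; the sample inputs are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_USER_LEN 32  /* assumed upper bound for a login name */

/* Return 1 if `user` may be passed to login(1) as a user name, else 0.
 * The decisive check is the leading '-': login's option parser reads a
 * value such as "-f root" as its -f switch, which is the CWE-88 argument
 * injection this advisory describes. Empty, overlong and non-user-name
 * bytes (whitespace, shell metacharacters, controls) are rejected too. */
int user_arg_is_safe(const char *user)
{
    size_t n, i;
    if (user == NULL || (n = strlen(user)) == 0 || n > MAX_USER_LEN)
        return 0;
    if (user[0] == '-')
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Hypothetical helper (not how inetutils builds its login command line):
 * fill an execv()-style vector {"login", user, NULL} only after the check
 * passes, so an untrusted value never becomes an option. Returns argc or -1. */
int build_login_argv(const char *user, const char *argv[], size_t cap)
{
    if (cap < 3 || !user_arg_is_safe(user))
        return -1;
    argv[0] = "login";
    argv[1] = user;
    argv[2] = NULL;
    return 2;
}

int main(void)
{
    /* Constructed inputs, including the USER value quoted in the advisory. */
    const char *samples[] = { "alice", "www-data", "-f root", "", "bob smith" };
    const char *argv[3];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s -> %s\n", samples[i],
               build_login_argv(samples[i], argv, 3) < 0 ? "rejected" : "accepted");
    return 0;
}
```

An interior hyphen (www-data) passes while any leading hyphen fails, which is the property a login wrapper or patched daemon must preserve regardless of which switches the local login binary understands.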
