CVE-2026-28372
Status: Received - Intake
Privilege Escalation in GNU inetutils telnetd via systemd Credentials Abuse

Publication date: 2026-02-27

Last updated on: 2026-03-07

Assigner: MITRE

Description
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.
Meta Information
Published: 2026-02-27
Last Modified: 2026-03-07
Generated: 2026-06-16
AI Q&A: 2026-02-27
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor: gnu
Product: inetutils
Version / Range: to 2.7 (inc)
CWE
CWE-829: The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Executive Summary

This vulnerability exists in telnetd in GNU inetutils through version 2.7 and involves privilege escalation. It can be exploited by abusing the systemd service credentials support that was added to the login(1) implementation of util-linux in release 2.40. The issue is related to client control over the CREDENTIALS_DIRECTORY environment variable and requires an unprivileged local user to create a login.noauth file.

Impact Analysis

The vulnerability allows an unprivileged local user to escalate their privileges, potentially gaining higher-level access than intended. This can lead to unauthorized access to sensitive system functions and data, compromising the confidentiality, integrity, and availability of the affected system.
