
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

Published:

22 January 2026 at 16:30:00

Alert date:

22 January 2026 at 17:02:17

Source:

thehackernews.com


Operating Systems, Zero-Day Vulnerabilities, Identity & Access

A critical vulnerability (CVE-2026-24061) has been discovered in the GNU InetUtils telnet daemon that allows remote authentication bypass and root access. The flaw affects all versions from 1.9.3 to 2.7 and has a CVSS score of 9.8/10. The vulnerability went unnoticed for nearly 11 years before being disclosed. Attackers can exploit this flaw to bypass login mechanisms and gain root privileges on affected systems.

Technical details

The vulnerability allows remote authentication bypass via a '-f root' value for the USER environment variable. The telnetd server invokes /usr/bin/login and passes the value of the USER environment variable as the last parameter without sanitization. When a client sends a crafted USER value of '-f root' using the telnet -a or --login parameter, login(1) interprets it as its -f parameter, which bypasses authentication, so the client automatically gains root access without normal authentication. The vulnerability was introduced in a source code commit made on March 19, 2015.

Mitigation steps:

Apply the latest patches; restrict network access to the telnet port to trusted clients only; disable the telnetd server as a temporary workaround; or configure InetUtils telnetd to use a custom login(1) tool that does not permit use of the '-f' parameter.
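
The sanitization step that Technical details describes as missing, written as an added example; it is not code from GNU InetUtils or from its patch. The function names, the `-p -h <host>` prefix, the 32-character limit and the `--` end-of-options marker (which assumes login(1) parses options with getopt) are assumptions of this sketch, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_USER_LEN 32   /* assumed limit for this example */

/* Return 1 if `user` may be passed to login(1) as a user-name operand. */
int user_value_is_safe(const char *user)
{
    if (user == NULL || user[0] == '\0' || strlen(user) > MAX_USER_LEN)
        return 0;
    if (user[0] == '-')                 /* would be parsed as an option */
        return 0;
    for (const char *p = user; *p != '\0'; p++) {
        char c = *p;
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '.' || c == '-';
        if (!ok)                        /* rejects spaces, quotes, control bytes */
            return 0;
    }
    return 1;
}

/* Build an execv()-style vector; returns argc, or -1 if argv is too small.
 * An unsafe USER value is dropped, so login prompts and authenticates as usual. */
int build_login_argv(const char *host, const char *user,
                     const char *argv[], size_t cap)
{
    size_t n = 0;
    if (cap < 7)
        return -1;
    argv[n++] = "/usr/bin/login";
    argv[n++] = "-p";
    argv[n++] = "-h";
    argv[n++] = host;
    if (user_value_is_safe(user)) {
        argv[n++] = "--";               /* end of options (getopt convention) */
        argv[n++] = user;
    }
    argv[n] = NULL;
    return (int)n;
}

int main(void)
{
    const char *samples[] = { "alice", "-f root", "-froot", "bob smith" }; /* constructed */
    const char *argv[8];
    for (size_t i = 0; i < 4; i++)
        printf("%-10s -> argc %d\n", samples[i],
               build_login_argv("198.51.100.7", samples[i], argv, 8));
    return 0;
}
```

Passing each value as its own argv element, rather than splicing it into a command string, is what keeps a value with embedded spaces from being split into extra parameters.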

Affected products:

GNU InetUtils telnet daemon (telnetd) versions 1.9.3 through 2.7

IOCs:

21 unique IP addresses from Hong Kong, U.S., Japan, Netherlands, China, Germany, Singapore, and Thailand attempting remote authentication bypass attacks

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information originating from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
