top of page
perceptive_background_267k.jpg

Beveiligingsonderzoekers hebben een een kwetsbaarheid aangetroffen in Inetutils telnetd (versie 2.7). Deze kwetsbaarheid is volgens de onderzoekers al aanwezig …

Published:

21 januari 2026 om 14:15:46

Alert date:

21 januari 2026 om 15:02:40

Source:

ncsc.nl

Click to open the original link from this advisory

Operating Systems, Network Infrastructure

Security researchers discovered a vulnerability in GNU Inetutils telnetd version 2.7 that has existed since version 1.9.3 from 2015. The vulnerability is in how the telnetd service handles the USER environment variable. By setting this variable to '-f root', attackers can bypass authentication and gain root privileges. This poses a serious risk to system integrity. The vulnerability is very easy to exploit and exploit code is publicly available. NCSC expects that publicly accessible telnet servers will be targeted in the short term.

Technical details

Mitigation steps:

Affected products:

GNU Inetutils telnetd

Related links:

https://advisories.ncsc.nl/advisory?id=NCSC-2026-0033

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page