Critical Telnet Vulnerability Exposes 800,000 Devices to Remote Attacks

A severe flaw in Telnet allows attackers to gain root access to devices worldwide. Users are urged to disable Telnet or block port 23.

Andrew Wallace


Professional Tech Editor


A critical security vulnerability has been identified in the Telnet daemon shipped with GNU InetUtils, affecting approximately 800,000 devices globally. The flaw enables attackers to gain root access to systems, posing significant security risks.

Vulnerability Details

The vulnerability, tracked as CVE-2026-24061, resides in the Telnet daemon (telnetd) of GNU InetUtils versions 1.9.3 through 2.7. It allows remote attackers to bypass authentication by manipulating the USER environment variable, granting unauthorized root access. (cyber.gc.ca)

Exploitation in the Wild

Within 24 hours of the vulnerability's disclosure, active exploitation was observed. Attackers targeted exposed Telnet servers, attempting to deploy Python-based malware. In 83% of cases, attackers gained root access, highlighting the severity of the threat. (probablypwned.com)

Mitigation Recommendations

Users are strongly advised to upgrade to GNU InetUtils version 2.8 or later, which addresses this vulnerability. If immediate patching isn't feasible, it's recommended to disable the telnetd service or block TCP port 23 at the firewall to prevent unauthorized access. (cyber.gc.ca)
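
The two checks behind these recommendations, as an added example that is not part of the original article: it flags versions in the affected range and lists non-loopback listeners on TCP port 23. The function names and the sample `ss -ltn` output are constructed for illustration; it assumes GNU `sort -V` and treats any release from 1.9.3 up to, but not including, 2.8 as affected.

```shell
#!/usr/bin/env bash
# Added example: triage a host for the issue described above.
FIRST_VULN="1.9.3"   # first affected GNU InetUtils release (from the article)
FIRST_FIXED="2.8"    # first fixed release (from the article)

# version_le A B: true when A <= B in version order (assumes GNU sort -V).
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# is_vulnerable_version V: true when FIRST_VULN <= V < FIRST_FIXED.
is_vulnerable_version() {
    version_le "$FIRST_VULN" "$1" && ! version_le "$FIRST_FIXED" "$1"
}

# telnet_listeners: read `ss -ltn` output on stdin and print sockets listening
# on TCP port 23 that are not bound to loopback only.
telnet_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:23$/ &&
         $4 !~ /^127\./ && $4 !~ /^\[::1\]/ { print $4 }'
}

# assess VERSION: combine both checks; `ss -ltn` output is read from stdin.
assess() {
    exposed=$(telnet_listeners)
    if ! is_vulnerable_version "$1"; then
        echo "NOT-AFFECTED"
    elif [ -z "$exposed" ]; then
        echo "VULNERABLE-NOT-EXPOSED"
    else
        echo "VULNERABLE-EXPOSED: $exposed"
    fi
}

# Constructed sample of `ss -ltn` output (not taken from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      10     0.0.0.0:23         0.0.0.0:*
LISTEN 0      10     127.0.0.1:2323     0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | assess "2.5"
```

A firewall block on port 23 is not visible to `ss`, so that mitigation has to be confirmed from outside the host.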

Global Impact

The exposed devices span various regions, with significant numbers in Asia, South America, and Europe. This widespread exposure underscores the critical need for prompt action to secure vulnerable systems. (probablypwned.com)

Conclusion

The discovery of CVE-2026-24061 serves as a stark reminder of the risks associated with outdated protocols like Telnet. Organizations and individuals are urged to assess their systems for this vulnerability and implement the recommended mitigations to safeguard against potential attacks.

Critical Telnet Vulnerability Exposes Devices to Remote Attacks:

  • 11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061), Published on Friday, January 23
  • 800K+ GNU InetUtils telnetd Instances Exposed to RCE Attacks - PoC Released, Published on Monday, January 26
  • GNU: Over 800K GNU InetUtils telnetd Instances Exposed to RCE Attacks as PoC Released
