telnetd argument injection vulnerability

Added: 01/26/2026

Background

The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd.

Problem

The telnetd program included in GNU Inetutils allows authentication to be bypassed with a -f flag in the USER environment variable.
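As an added illustration (not code from GNU Inetutils or from this advisory), the C sketch below shows the general defence against this class of argument injection: a client-supplied user name is validated and placed after `--`, so login cannot parse it as an option such as -f. The function names, the 32-character limit, the allowed character set and the `login -h host` argument layout are assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if a client-supplied USER value may be passed to
 * login as a user-name operand, 0 otherwise. */
int user_value_is_safe(const char *user)
{
    size_t len = user ? strlen(user) : 0;
    if (len == 0 || len > 32)        /* assumed length limit */
        return 0;
    if (user[0] == '-')              /* would be read as an option, e.g. -f */
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)user[i];
        /* No whitespace or shell metacharacters: they could split the
         * value into extra arguments if a command line is tokenised. */
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Hypothetical helper: fills argv for login and returns argc, or -1 if the
 * value is rejected. With user == NULL no name is passed and login prompts. */
int build_login_argv(const char *host, const char *user,
                     const char *argv[], size_t cap)
{
    size_t n = 0;
    if (cap < 6)
        return -1;
    argv[n++] = "login";
    argv[n++] = "-h";
    argv[n++] = host;
    if (user != NULL) {
        if (!user_value_is_safe(user))
            return -1;
        argv[n++] = "--";            /* end of options: the rest are operands */
        argv[n++] = user;
    }
    argv[n] = NULL;
    return (int)n;
}

int main(void)
{
    const char *samples[] = { "alice", "-f", "a b" };  /* constructed values */
    const char *argv[8];
    for (size_t i = 0; i < 3; i++)
        printf("%-6s -> %d\n", samples[i],
               build_login_argv("host.example", samples[i], argv, 8));
    return 0;
}
```

A caller that gets -1 should discard the client-supplied value and let login prompt for a name instead.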

Resolution

Disable the telnet service, or upgrade to Inetutils 2.8 or higher when available, or apply a fix from your Linux vendor.

References

https://www.safebreach.com/blog/safebreach-labs-root-cause-analysis-and-poc-exploit-for-cve-2026-24061/
