Analytics Story: Telnetd CVE-2026-24061
Description
In January 2026, Kyu Neushwaistein (aka Carlos Cortes Alvarez) found that the GNU telnetd service from GNU InetUtils was vulnerable to an authentication bypass. This flaw allows an attacker to establish a Telnet session without providing valid credentials, granting unauthorized access to the target system.
Why it matters
This vulnerability is an authentication bypass in telnetd. An attacker can supply a specially crafted USER environment variable that is passed to login. Because this input isn't sanitized, an attacker can force the system to skip authentication and log in directly as root. The flaw affects GNU telnetd, is tracked as CVE-2026-24061, and has a CVSS v3 score of 9.8 (critical). While Telnet is considered an outdated protocol for remote access and command execution, it continues to be used in certain Unix/Linux environments, embedded systems, network devices, and operational technology infrastructure.
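One way a daemon can validate a client-supplied USER value before handing it to login, shown as an added example (this is not GNU InetUtils code and not the upstream fix). The allow-list, the 32-character cap, the helper names and the `--` separator are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOGIN_NAME 32 /* assumed cap for this example */
static int is_ascii_alpha(char c) { return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'); }
static int is_ascii_digit(char c) { return c >= '0' && c <= '9'; }

/* Return 1 if name is acceptable as a login name, else 0.
 * Allow-list (assumption of this example, not the upstream fix):
 * first character [A-Za-z_], later characters [A-Za-z0-9_.-].
 * A value that must start with a letter or underscore can never be
 * read as a command-line option by the program that receives it. */
int is_safe_login_name(const char *name)
{
    size_t len, i;
    if (name == NULL) return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_LOGIN_NAME) return 0;
    if (!is_ascii_alpha(name[0]) && name[0] != '_') return 0;
    for (i = 1; i < len; i++) {
        char c = name[i];
        if (!is_ascii_alpha(c) && !is_ascii_digit(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Hypothetical helper: fill argv for login from a client-supplied USER value.
 * Returns the argument count, or -1 if the value is rejected. */
int build_login_argv(const char *client_user, const char *argv[], size_t cap)
{
    if (cap < 4 || !is_safe_login_name(client_user)) return -1;
    argv[0] = "login";
    argv[1] = "--"; /* end of options; assumes a getopt-based login */
    argv[2] = client_user;
    argv[3] = NULL;
    return 3;
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    const char *samples[] = { "alice", "_svc.backup-1", "", "-alice", "al ice" };
    const char *argv[4];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %s\n", samples[i], build_login_argv(samples[i], argv, 4) == 3 ? "accepted" : "rejected");
    return 0;
}
```

Rejecting the session outright when validation fails, rather than trying to repair the value, keeps the decision simple to audit.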
Detections
| Name | Technique | Type |
|---|---|---|
| Linux Telnet Authentication Bypass | Abuse Elevation Control Mechanism | TTP |
Data Sources
| Name | Platform | Sourcetype | Source |
|---|---|---|---|
| Sysmon for Linux EventID 1 | | sysmon:linux | Syslog:Linux-Sysmon/Operational |
Source: GitHub | Version: 1