CVE-2026-24061

CriticalKnown Exploited

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

mitre·CWE-88·Published 2026-01-21

CVSS

9.8

EPSS

0.99

KEV

Yes

Exploits

cve.orgen

129 chars

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

NVDen

129 chars

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

NVDes

148 chars

telnetd en GNU Inetutils a través de 2.7 permite la omisión de autenticación remota a través de un valor '-f root' para la variable de entorno USER.

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H