{"id":207513,"date":"2026-01-23T11:21:00","date_gmt":"2026-01-23T16:21:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/23\/hackers-exploit-critical-telnetd-auth-bypass-flaw-to-get-root\/"},"modified":"2026-01-28T16:30:16","modified_gmt":"2026-01-28T21:30:16","slug":"hackers-exploit-critical-telnetd-auth-bypass-flaw-to-get-root","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/23\/hackers-exploit-critical-telnetd-auth-bypass-flaw-to-get-root\/","title":{"rendered":"Hackers exploit critical telnetd auth bypass flaw to get root"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-exploit-critical-telnetd-auth-bypass-flaw-to-get-root\/\">Hackers exploit critical telnetd auth bypass flaw to get root<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-exploit-critical-telnetd-auth-bypass-flaw-to-get-root\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-exploit-critical-telnetd-auth-bypass-flaw-to-get-root\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-23 11:21:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>A coordinated campaign has been observed targeting a recently disclosed\u00a0critical-severity vulnerability that has been present in the\u00a0GNU InetUtils telnetd server for 11 years.<\/p>\n<p>The security issue is tracked as CVE-2026-24061 and was reported on January 20. It is trivial to leverage and multiple exploit examples\u00a0are publicly available.<\/p>\n<h3>Bug persisted since 2015<\/h3>\n<p>Open-source contributor Simon Josefsson explains that\u00a0the telnetd component of GNU InetUtils contains a remote-authentication bypass vulnerability caused by unsanitized environment variable handling when spawning \u2018\/usr\/bin\/login.\u2019<\/p>\n<p> <img decoding=\"async\" src=\"https:\/\/www.bleepstatic.com\/c\/w\/wiz\/MCP-Research-Guide-970x250.png\" alt=\"Wiz\" style=\"margin-top: 0px;\"\/><\/p>\n<p>The flaw occurs because telnetd passes the user-controlled USER environment variable directly to login(1) without sanitization.\u00a0By setting USER to -f root and connecting with the\u00a0telnet -a command, an attacker can skip authentication and obtain root access.<\/p>\n<p>The issue affects GNU InetUtils versions 1.9.3 (released in 2015) through 2.7, and was patched in version 2.8. For those who cannot upgrade to the safe release, mitigation strategies include disabling the telnetd service or blocking TCP port 23 on all firewalls.<\/p>\n<p>GNU InetUtils is a collection of classic network client and server tools (telnet\/telnetd, ftp\/ftpd, rsh\/rshd, ping, traceroute) maintained by the GNU Project, and used across multiple Linux distributions.<\/p>\n<p>Although Telnet is an insecure,\u00a0legacy component largely replaced by SSH, many Linux and Unix systems still include it for compatibility or specialized usage needs. It is particularly prevalent in the industrial sector because of its simplicity and low overhead.<\/p>\n<p>On legacy and embedded devices, it can run without updates for more than a decade, explaining its presence in IoT devices, cameras, industrial sensors, and Operational Technology (OT) networks.<\/p>\n<p>Cristian Cornea of\u00a0Zerotak, a penetration testing and cybersecurity services company, told BleepingComputer that critical systems are difficult to replace in OT\/ICS&#8230;<br \/>\n<br \/><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-exploit-critical-telnetd-auth-bypass-flaw-to-get-root\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers exploit critical telnetd auth bypass flaw to get root https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-exploit-critical-telnetd-auth-bypass-flaw-to-get-root\/ Publish Date: 2026-01-23 11:21:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":207514,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2026\/01\/23\/Telnet.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-207513","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207513"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=207513"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207513\/revisions"}],"predecessor-version":[{"id":207515,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207513\/revisions\/207515"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/207514"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=207513"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=207513"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=207513"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}