Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

Yikes — a 9.8-severity vulnerability (CVE-2026-24061) in GNU InetUtils telnetd lets attackers skip login entirely and snatch root access remotely. This isn't just a theoretical exploit; it's live and dangerous for versions 1.9.3 through 2.7.

The flaw? A classic buffer overflow in the telnet daemon's authentication logic. Attackers can send crafted packets that overflow the stack, bypassing credential checks and executing arbitrary code with root privileges. No credentials needed — just network access to a vulnerable telnet service.

Impact: Full system compromise. Once in, attackers can install malware, exfiltrate data, or pivot to other systems. This affects Linux/Unix systems running the vulnerable telnetd from GNU InetUtils, commonly used in legacy or embedded environments.

Patch status: The GNU project has released fixes in the latest updates. Admins must upgrade immediately. If you're still running telnet (seriously, why?), disable it and switch to SSH. This flaw is already being tracked by threat intel teams — expect exploit attempts soon.

Bottom line: If your system uses GNU InetUtils telnetd, patch NOW. This is a straight shot to root for any attacker on your network. Stay sharp, upgrade, and maybe finally retire that telnet service.