A vulnerability (CVE-2026-24061) has been identified in GNU InetUtils telnetd, which may allow remote attackers to bypass authentication on affected systems where the Telnet service is enabled and exposed.
 

Affected systems

The following systems are affected:
 

• GNU InetUtils telnetd: versions 1.9.3 through 2.7

Security Risks

Exploitation of the identified vulnerability may allow attackers to bypass authentication via exposed Telnet services and potentially gain unauthorized access, which could lead to data compromise, system modification and service disruption.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

• Follow the GNU InetUtils Security Advisory and apply any available vendor-provided patches or implement recommended mitigations.

• Disable the Telnet service where not strictly required and migrate to SSH for remote access.

• Restrict network access to Telnet using firewall rules if it cannot be disabled.

• Ensure current, tested backups are available before applying updates or mitigations.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References

• Inetutils - GNU network utilities

• https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html

• Hackers exploit critical telnetd auth bypass flaw to get root