A Critical Flaw in Telnet: Hackers Exploit 11-Year-Old Vulnerability for Root Access
A recent security alert has revealed a critical vulnerability in the GNU InetUtils telnetd server, a component present in many Linux and Unix systems. This flaw, tracked as CVE-2026-24061, has been actively exploited by hackers to gain root access on vulnerable systems.
The vulnerability has been around since 2015, and its persistence highlights the ongoing challenge of securing legacy systems. Open-source contributor Simon Josefsson explains that the issue stems from unsanitized environment variable handling when spawning the 'login' command. By setting the 'USER' variable to '-f root' and using the 'telnet -a' command, attackers can bypass authentication and gain root privileges.
This flaw affects GNU InetUtils versions 1.9.3 through 2.7, and was patched in version 2.8. However, many systems may not be upgradable, leaving them vulnerable. Mitigation strategies include disabling the telnetd service or blocking TCP port 23 on firewalls.
Despite its age, Telnet remains in use due to its simplicity and low overhead, especially in industrial settings. It's prevalent in IoT devices, cameras, industrial sensors, and Operational Technology (OT) networks, where critical systems are difficult to replace without rebooting, a process that can disrupt operations.
However, the number of devices exposed on the public internet with Telnet enabled is limited, leading some researchers to downplay the severity of the vulnerability. Threat monitoring firm GreyNoise detected real-world exploitation activity leveraging CVE-2026-24061, with attackers targeting vulnerable endpoints. The attacks varied in speed, type, and X11 DISPLAY values, but consistently aimed for the 'root' user.
In the post-exploitation phase, hackers attempted to deploy Python malware and persist SSH keys, but these efforts were unsuccessful due to missing binaries or directories. While the scope of the attacks appears limited, affected systems should be patched or hardened to prevent further exploitation.
