www.darkreading.com, 1/27/2026, 10:15:30 PM

Critical Telnet Server Flaw Exposes Forgotten Attack Surface

CyberSIXT Evidence Panel
CISA KEV: listed in KEV
Patch: available

Threat actors are exploiting a critical authentication bypass flaw in GNU InetUtils telnetd, CVE-2026-24061, which has lingered in the open-source project for more than a decade and could give attackers complete control of a device if exploited. The vulnerability was introduced in May 2015 with InetUtils 1.9.3 and addressed in version 2.8, but it remains easy to exploit, and attackers are already pouncing on it.

According to an advisory from the Centre for Cybersecurity Belgium (CCB), GNU InetUtils telnetd allows remote authentication bypass when the USER environment variable carries the value "-f root", making the flaw an argument-injection style bypass. Shadowserver Foundation founder Piotr Kijewski reported in an emailed advisory that around 800,000 telnet instances are exposed globally, underscoring a substantial attack surface.

As the article notes, telnet is obsolete and transmits data in plaintext, yet hundreds of thousands of legacy and IoT devices remain reachable, prompting calls to patch or disable telnetd and to segment high-risk devices. The January 27, 2026 coverage renewed attention on this forgotten attack surface as organisations weigh fixes and mitigations, including limiting telnet access to trusted clients.
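The two defensive checks the article implies, version triage against the affected range (1.9.3 up to but not including 2.8) and detection of a USER value that is really a login option, worked into code. This is an added example, not code from Dark Reading, CyberSIXT or the GNU InetUtils project; the hostnames, versions and captured telnet bytes are constructed, and the function names (is_affected, extract_user_from_new_environ, user_value_is_injection, triage_host) are this example's own. The NEW-ENVIRON framing follows RFC 1572 (option 39; IS/VAR/VALUE/ESC/USERVAR codes), which is how a telnet client hands USER to the server.

```python
"""Defender-side triage and detection helpers for CVE-2026-24061.

Added example (not from the article or the InetUtils project). All sample
hosts, versions and frames below are constructed for illustration.
"""
from typing import List, Optional, Tuple

# Telnet protocol constants (RFC 854 / RFC 1572).
IAC, SB, SE = 255, 250, 240
OPT_NEW_ENVIRON = 39
ENV_IS, ENV_VAR, ENV_VALUE, ENV_ESC, ENV_USERVAR = 0, 0, 1, 2, 3

AFFECTED_FROM = (1, 9, 3)   # first affected InetUtils release (May 2015)
FIXED_IN = (2, 8)           # first fixed release


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.7.1' -> (2, 7, 1); stops at the first non-numeric component."""
    parts: List[int] = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the InetUtils version lies in the affected range [1.9.3, 2.8)."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def extract_user_from_new_environ(frame: bytes) -> Optional[str]:
    """Return the USER value from a NEW-ENVIRON IS subnegotiation, else None.

    Expected layout: IAC SB NEW-ENVIRON IS {VAR|USERVAR name VALUE value}... IAC SE
    """
    if len(frame) < 6 or frame[:3] != bytes([IAC, SB, OPT_NEW_ENVIRON]):
        return None
    if frame[3] != ENV_IS or frame[-2:] != bytes([IAC, SE]):
        return None
    body = frame[4:-2]

    # Split the body into (kind, bytes) fields; ESC quotes the following byte.
    fields: List[Tuple[int, bytes]] = []
    kind: Optional[int] = None
    buf = bytearray()
    i = 0
    while i < len(body):
        b = body[i]
        if b == ENV_ESC and i + 1 < len(body):
            buf.append(body[i + 1])
            i += 2
            continue
        if b in (ENV_VAR, ENV_USERVAR, ENV_VALUE):
            if kind is not None:
                fields.append((kind, bytes(buf)))
            kind, buf = b, bytearray()
        else:
            buf.append(b)
        i += 1
    if kind is not None:
        fields.append((kind, bytes(buf)))

    # Pair each variable name with the VALUE field that directly follows it.
    env = {}
    for idx, (k, data) in enumerate(fields):
        if k in (ENV_VAR, ENV_USERVAR):
            nxt = fields[idx + 1] if idx + 1 < len(fields) else None
            value = nxt[1] if nxt and nxt[0] == ENV_VALUE else b""
            env[data.decode("ascii", "replace")] = value.decode("ascii", "replace")
    return env.get("USER")


def user_value_is_injection(user: Optional[str]) -> bool:
    """A USER beginning with '-' would reach the login program as an option
    (the '-f root' pattern from the advisory); real user names never do."""
    return user is not None and user.lstrip().startswith("-")


def triage_host(version: str, telnet_listening: bool, allowed_sources: List[str]) -> str:
    """Recommend the action the article describes for one inventory record."""
    if not telnet_listening:
        return "ok: telnetd not exposed"
    if is_affected(version):
        actions = ["upgrade InetUtils to 2.8 or later, or disable telnetd"]
        if not allowed_sources:
            actions.append("restrict port 23 to trusted clients until patched")
        return "ACTION: " + "; ".join(actions)
    return "ok: patched version, but telnet is plaintext; plan to retire it"


# Constructed sample frames: one carrying the bypass pattern, one benign.
INJECTION_FRAME = (bytes([IAC, SB, OPT_NEW_ENVIRON, ENV_IS, ENV_VAR]) + b"USER"
                   + bytes([ENV_VALUE]) + b"-f root" + bytes([IAC, SE]))
BENIGN_FRAME = (bytes([IAC, SB, OPT_NEW_ENVIRON, ENV_IS, ENV_VAR]) + b"USER"
                + bytes([ENV_VALUE]) + b"alice" + bytes([IAC, SE]))

if __name__ == "__main__":
    # Constructed inventory: (hostname, version, telnet listening, allowlist)
    inventory = [("cam-01.example", "2.7.1", True, []),
                 ("gw-02.example", "2.8", True, ["10.0.0.5"]),
                 ("build-03.example", "1.9.4", False, [])]
    for host, ver, listening, allow in inventory:
        print(f"{host:18} {triage_host(ver, listening, allow)}")
    for frame in (INJECTION_FRAME, BENIGN_FRAME):
        user = extract_user_from_new_environ(frame)
        print(f"USER={user!r:12} injection={user_value_is_injection(user)}")
```

The version comparison uses tuple ordering, so 2.8.x and later correctly fall outside the affected range while 2.7.x falls inside it; the detector only inspects the USER variable, which is the one the advisory names.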


Article by CyberSIXT