CVE-2026-24061

⛔ critical

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

CVSS Score

9.8

Critical

EPSS Score

29.6

Exploit Probability

Published Date

2026-01-21

First Seen: 2026-01-28

Last Modified 2026-01-30

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-88

🔗 References 11

Patch

Patch

Mitigation Vendor Advisory

Product

Mailing List

Mailing List

Mailing List

Mailing List Third Party Advisory

US Government Resource

Exploit Third Party Advisory

Mailing List Third Party Advisory

Vendor	Product	Status	Affected Versions
debian	debian_linux	Affected	v11.0
gnu	inetutils	Affected	≥ 1.9.3 ≤ 2.7

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-68670	⛔ critical	9.1	0.3	xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerabi...	2026-01-27
CVE-2025-6966	🔶 medium	5.5	0.0	NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause ...	2025-12-05
CVE-2025-63498	🔶 medium	6.1	0.1	alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.	2025-11-24
CVE-2025-64512	⚠️ high	8.6	0.1	Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documen...	2025-11-10
CVE-2025-10921	⚠️ high	7.8	0.1	GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote a...	2025-10-29
CVE-2025-10922	⚠️ high	7.8	0.1	GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote a...	2025-10-29

These CVEs affect the same products