UBUNTU-CVE-2026-24061
Advisory lineage Upstream: 1 Downstream: 2
Upstream
Downstream
Published: 21 Jan 2026, 07:16
Last modified:19 Feb 2026, 20:29
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
21 Jan 2026, 07:16
Published
Vulnerability first disclosed
19 Feb 2026, 20:29
Last Modified
Vulnerability information updated
Description
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- ubuntu•inetutils
all | all | all | all | < 2:1.9.4-1ubuntu0.1~esm5 | < 2:1.9.4-3ubuntu0.1+esm4 | < 2:1.9.4-11ubuntu0.2+esm3 | < 2:2.2-2ubuntu0.2 | < 2:2.5-3ubuntu4.1 | < 2:2.6-1ubuntu3.1
References (9)
- https://ubuntu.com/security/CVE-2026-24061
- https://www.cve.org/CVERecord?id=CVE-2026-24061
- https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
- https://www.gnu.org/software/inetutils/
- https://www.openwall.com/lists/oss-security/2026/01/20/2
- https://www.openwall.com/lists/oss-security/2026/01/20/8
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://ubuntu.com/security/notices/USN-7992-1
- https://ubuntu.com/security/notices/USN-7992-2