GNU Inetutils Security Update Advisory (CVE-2026-24061)

Overview

 

We have released a security update to address a vulnerability in GNU Inetutils. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2026-24061

 

GNU Inetutils Version: 1.9.3 or later and 2.7 or earlier

 

 

Resolved Vulnerabilities

 

Remote authentication bypass vulnerability due to setting the value “-f root” in the USER environment variable in telnetd (CVE-2026-24061)

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2026-24061

 

GNU Inetutils version: Update as per the Referenced Sites[1]

 

 

References

 

[1] GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
https://www.openwall.com/lists/oss-security/2026/01/20/2