VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-bn6y-snuj-gbdy

Essentials
Severities (20)
References (14)
Severity details (16)
Exploits (2)
EPSS
History (1)

Vulnerability ID	VCID-bn6y-snuj-gbdy
Aliases	CVE-2026-24061
Summary	A vulnerability has been discovered in the telnetd module of inetutils, which allows remote code execution as root.
Status	Published
Exploitability	2.0
Weighted Severity	8.8
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

System	Score	Found at
epss	0.87007	https://api.first.org/data/v1/epss?cve=CVE-2026-24061
epss	0.87007	https://api.first.org/data/v1/epss?cve=CVE-2026-24061
epss	0.87007	https://api.first.org/data/v1/epss?cve=CVE-2026-24061
epss	0.88021	https://api.first.org/data/v1/epss?cve=CVE-2026-24061
cvssv3.1	9.8	https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc
ssvc	Act	https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc
cvssv3.1	9.8	https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b
ssvc	Act	https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b
cvssv3.1	9.8	https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
ssvc	Act	https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
cvssv3.1	9.8	https://www.gnu.org/software/inetutils/
ssvc	Act	https://www.gnu.org/software/inetutils/
cvssv3.1	9.8	https://www.openwall.com/lists/oss-security/2026/01/20/2
ssvc	Act	https://www.openwall.com/lists/oss-security/2026/01/20/2
cvssv3.1	9.8	https://www.openwall.com/lists/oss-security/2026/01/20/8
ssvc	Act	https://www.openwall.com/lists/oss-security/2026/01/20/8
cvssv3.1	9.8	https://www.vicarius.io/vsociety/posts/cve-2026-24061-detection-script-remote-authentication-bypass-in-gnu-inetutils-package
ssvc	Act	https://www.vicarius.io/vsociety/posts/cve-2026-24061-detection-script-remote-authentication-bypass-in-gnu-inetutils-package
cvssv3.1	9.8	https://www.vicarius.io/vsociety/posts/cve-2026-24061-mitigation-script-remote-authentication-bypass-in-gnu-inetutils-package
ssvc	Act	https://www.vicarius.io/vsociety/posts/cve-2026-24061-mitigation-script-remote-authentication-bypass-in-gnu-inetutils-package

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2026-24061
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24061
1126047		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126047
2		https://www.openwall.com/lists/oss-security/2026/01/20/2
8		https://www.openwall.com/lists/oss-security/2026/01/20/8
ccba9f748aa8d50a38d7748e2e60362edd6a32cc		https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc
cve-2026-24061-detection-script-remote-authentication-bypass-in-gnu-inetutils-package		https://www.vicarius.io/vsociety/posts/cve-2026-24061-detection-script-remote-authentication-bypass-in-gnu-inetutils-package
cve-2026-24061-mitigation-script-remote-authentication-bypass-in-gnu-inetutils-package		https://www.vicarius.io/vsociety/posts/cve-2026-24061-mitigation-script-remote-authentication-bypass-in-gnu-inetutils-package
fd702c02497b2f398e739e3119bed0b23dd7aa7b		https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b
GLSA-202601-01		https://security.gentoo.org/glsa/202601-01
inetutils		https://www.gnu.org/software/inetutils/
msg00004.html		https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
USN-7992-1		https://usn.ubuntu.com/7992-1/
USN-7992-2		https://usn.ubuntu.com/7992-2/

Data source	Metasploit
Description	The telnetd service from GNU InetUtils is vulnerable to authentication-bypass, tracked as CVE-2026-24061, in versions up to version 2.7. During Telnet authentication the SB byte can be sent to indicate sub-negotiation which allows for the exchange of sub-option parameters after both parties have agreed to enable a specific functional option. Environment variables can be sent as sub-options and it's the USER environment variable which introduces the authentication bypass in this scenario. When the USER environment variable gets sent to the GNU inetutils telnetd service during authentication, the variable gets appended without proper sanitization to an execv call to the /usr/bin/login binary. The login binary has a -f flag which skips authentication for a specific user. So the exploit sets the `USER` environment variable to -f root and the telnetd service responds with a root shell.
Note	Reliability: - unreliable-session Stability: - crash-safe SideEffects: []
Ransomware campaign use	Unknown
Source publication date	Jan. 26, 2026
Platform	Linux,Unix
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/telnet/gnu_inetutils_auth_bypass.rb

Data source	KEV
Date added	Jan. 26, 2026
Description	GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable.
Required action	Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due date	Feb. 16, 2026
Note	This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://cgit.git.savannah.gnu.org/cgit/inetutils.git ; https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc; https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b ; https://nvd.nist.gov/vuln/detail/CVE-2026-24061
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-01-27T04:55:30Z/ Found at https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-01-27T04:55:30Z/ Found at https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-01-27T04:55:30Z/ Found at https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.gnu.org/software/inetutils/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-01-27T04:55:30Z/ Found at https://www.gnu.org/software/inetutils/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2026/01/20/2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-01-27T04:55:30Z/ Found at https://www.openwall.com/lists/oss-security/2026/01/20/2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2026/01/20/8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-01-27T04:55:30Z/ Found at https://www.openwall.com/lists/oss-security/2026/01/20/8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.vicarius.io/vsociety/posts/cve-2026-24061-detection-script-remote-authentication-bypass-in-gnu-inetutils-package

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-01-27T04:55:30Z/ Found at https://www.vicarius.io/vsociety/posts/cve-2026-24061-detection-script-remote-authentication-bypass-in-gnu-inetutils-package

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.vicarius.io/vsociety/posts/cve-2026-24061-mitigation-script-remote-authentication-bypass-in-gnu-inetutils-package

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2026-01-27T04:55:30Z/ Found at https://www.vicarius.io/vsociety/posts/cve-2026-24061-mitigation-script-remote-authentication-bypass-in-gnu-inetutils-package

Exploit Prediction Scoring System (EPSS)

Percentile	0.99431
EPSS Score	0.87007
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:04:39.516026+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/202601-01	38.0.0