27-Year-Old Telnet Vulnerability CVE-2026-24061 Grants Root Access

A critical flaw in GNU Inetutils telnet daemon affects versions through 2.7. Tracked as CVE-2026-24061, it allows remote attackers to gain root access without authentication. Security researcher Ron Ben Yizhak from SafeBreach discovered improper environment variable sanitization. Telnetd passes client-supplied variables directly to /bin/login running as root. Linux kernel sets AT_SECURE=0, disabling glibc secure-execution mode. […]

The post 27-Year-Old Telnet Vulnerability CVE-2026-24061 Grants Root Access appeared first on VPN Central.