Threat Level Description

IthacaLabs has maintained the Threat Level (High) adding a new observation:

An attack is highly likely. Addressing the broad nature of the threat in order to reach an acceptable risk level, requires additional and sustainable protective security measures combined with specific business and geographical vulnerabilities and judgments.

Description

We have observed that a new critical security vulnerability has been identified in GNU InetUtils telnetd, tracked as CVE-2026-24061, which is actively being exploited in the wild.

The vulnerability allows remote, unauthenticated attackers to bypass authentication and execute commands with root-level privileges on affected systems. The issue arises from improper handling of user-supplied environment variables during Telnet session initiation, enabling attackers to manipulate the login process and gain full administrative access without valid credentials.

This vulnerability impacts systems running GNU InetUtils telnetd, a legacy Telnet service still present on many Unix-like operating systems, embedded platforms, and long-lived infrastructure environments. Exploitation activity has been observed shortly after public disclosure, with widespread internet scanning and opportunistic attacks targeting exposed Telnet services. Successful exploitation enables attackers to establish persistence, deploy additional tooling, and maintain long-term unauthorized access to compromised systems.

Our Advisory and Managed Services, including our Security Operations and Technology Resilience lines, can help safeguard your organization against such threats.

Through proactive monitoring, threat detection, and incident response, our services are designed to keep your systems secure, resilient, and prepared for evolving cyber risks. We advise all organizations to remain vigilant and regularly review their cybersecurity postures.

Affected Products:

• Systems running GNU InetUtils telnetd versions 1.9.3 through 2.7
• Legacy servers, embedded systems, and network devices with Telnet services enabled and exposed to untrusted networks

Recommendation(s):

It is highly recommended to apply all security patches and updates provided by the vendor immediately once available to mitigate the risks posed by this vulnerability. Until a permanent fix is applied, organizations should consider implementing the following mitigation measures:

 

• Disable the Telnet service entirely wherever possible
• Restrict access to Telnet services using firewall rules, network segmentation, and IP allow-listing
• Remove or replace legacy services that rely on Telnet with secure alternatives such as SSH
• Review system configurations to ensure unnecessary services are disabled
• Monitor system, application, and network logs for unauthorized Telnet connections or unexpected privilege escalation
• Conduct threat hunting activities to identify indicators of compromise, including unauthorized root access or persistence mechanisms

You should understand the importance of applying security updates with urgency, regardless of organizational size. Implementing an effective patch management strategy, enabling comprehensive event logging, and actively monitoring security events are critical to protecting business-critical assets. A comprehensive risk management approach should include regular penetration testing, at least annually and after significant system changes, to ensure continued compliance with security best practices and industry regulations.

Threat Level Description:

Threat Level: High – An attack is highly likely. Addressing the broad nature of the threat in order to reach an acceptable risk level, requires additional and sustainable protective security measures combined with specific business and geographical vulnerabilities and judgments.

References:

• CVE-2026-24061 – GNU InetUtils telnetd Authentication Bypass Vulnerability

• CVE-2026-24061 

• Around and Find Out: 18 Hours of Unsolicited Telnet Houseguests