800K+ Telnet Servers Exposed to RCE Attacks – PoC Released

**Critical Telnetd Authentication Bypass (CVE-2026-24061):** A high-severity argument injection flaw in GNU Inetutils telnetd (v1.9.3–2.7) allows attackers to set USER to "-f root" and bypass authentication to gain root RCE; proof-of-concept exploits are public and widespread scanning/exploitation was observed shortly after disclosure, affecting roughly 800,000 internet-exposed Telnet instances and prompting immediate upgrade or mitigation recommendations.