
Hackers exploit critical telnetd auth bypass flaw to get root

ID: 8bff0b83-f6ae-58a5-91da-4a7f2c22190d

STIX ID: report--8bff0b83-f6ae-58a5-91da-4a7f2c22190d

Feed Name: Bleeping Computer

Threat Score: 60/100

Date Published: 2026-01-23

Date Updated: 2026-04-20

Author: Bill Toulas


A critical authentication-bypass flaw (CVE-2026-24061) in GNU InetUtils telnetd, present since 2015 in versions 1.9.3 through 2.7 and patched in 2.8, allows attackers to pass a crafted USER environment variable (for example, "-f root") via Telnet option negotiation to skip authentication and gain root. Public exploits exist, and GreyNoise observed limited automated exploitation from 18 IPs across ~60 sessions. The report notes the prevalence of Telnet on legacy and OT/embedded devices, recommends patching or disabling telnet and blocking port 23, and describes observed post-exploitation attempts (SSH key persistence and Python malware) that largely failed due to missing binaries on targeted hosts.
