
Nearly 800,000 Telnet servers exposed to remote attacks

ID: f0b5b5c1-a572-56f4-a63a-0ced0b66a913

STIX ID: report--f0b5b5c1-a572-56f4-a63a-0ced0b66a913

Feed Name: Bleeping Computer

Threat Score: 75/100

Date Published: 2026-01-26

Date Updated: 2026-04-20

Author: Sergiu Gatlan


A critical authentication-bypass flaw (CVE-2026-24061) in GNU InetUtils telnetd, patched in version 2.8, lets attackers bypass login and obtain root by sending a crafted USER environment value (e.g., "-f root") via Telnet option negotiation. Shadowserver reports ~800,000 publicly exposed Telnet instances worldwide, and GreyNoise observed limited active exploitation from multiple IPs that attempted post-exploitation Python malware deployment. Administrators should patch, disable telnetd, or block TCP/23 immediately.
