800k Telnet Devices Open to Root-Login Bypass (CVE-2026-24061)

January 27, 2026 at 08:33 PM

•

1 min read

800k Telnet Devices Open to Root-Login Bypass (CVE-2026-24061) — Photo: BleepingComputer

TL;DR Summary

Shadowserver has identified about 800,000 IPs fingerprinted for Telnet activity, highlighting widespread exposure to the root-login bypass in GNU InetUtils telnetd (CVE-2026-24061) affecting 1.9.3–2.7 and patched in 2.8; attackers can bypass authentication by sending USER=-f root via Telnet IAC. GreyNoise detected limited exploits starting Jan 21 from 18 IPs across 60 sessions, with 83% targeting root; attackers also attempted Python malware deployment but failed due to missing binaries. Most exposed devices are in Asia and the Americas; admins should disable vulnerable telnetd or block port 23 until patching.

Topics:technology #cve-2026-24061 #cybersecurity #iot #security #telnet #vulnerability

Share this article

Nearly 800,000 Telnet servers exposed to remote attacks BleepingComputer
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access The Hacker News
Ancient telnet bug happily hands out root to attackers theregister.com
Hackers exploit critical telnetd auth bypass flaw to get root BleepingComputer
Organizations Warned of Exploited Linux Vulnerabilities SecurityWeek

Reading Insights

Total Reads

Unique Readers

Time Saved

3 min

vs 4 min read

Condensed

88%

709 → 88 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights