Tag Archives: Inetutils

January Linux Patch Wednesday

January Linux Patch Wednesday. In January, Linux vendors started fixing 918 vulnerabilities, one and a half times more than in December. Of these, 616 are in the Linux Kernel. Three show signs of exploitation in the wild:

🔻 AuthBypass – GNU Inetutils (telnetd) (CVE-2026-24061)
🔻 RCE – Safari (CVE-2025-43529); fixed in Linux distributions in webkit packages
🔻 MemCor – Chromium (CVE-2025-14174)

Another 97 vulnerabilities have public exploits or signs of their existence. Key examples:

🔸 MemCor – libpng (CVE-2026-22695)
🔸 XSS – Roundcube (CVE-2025-68461)
🔸 RCE – expr-eval (CVE-2025-13204)
🔸 ComInj – cpp-httplib (CVE-2026-21428), httparty (CVE-2025-68696), Miniflux (CVE-2026-21885)
🔸 SQLi – parsl (CVE-2026-21892)
🔸 SFB – OWASP CRS (CVE-2026-21876), Authlib (CVE-2025-68158)
🔸 AFW – node-tar (CVE-2026-23745)
🔸 PathTrav – GNU Wget2 (CVE-2025-69194), Tar (CVE-2025-45582)

🗒 Full Vulristics Report

About Authentication Bypass – GNU Inetutils (CVE-2026-24061) vulnerability

About Authentication Bypass – GNU Inetutils (CVE-2026-24061) vulnerability. GNU Inetutils is a collection of common network programs, including, among other things, a Telnet server (telnetd). A vulnerability in GNU Inetutils telnetd allows a remote attacker to obtain a root shell on the host without any credentials by sending a crafted USER environment variable containing the value “-f root”.

⚙️ A patch fixing the vulnerability was released on January 20. Versions 1.9.3–2.7 are vulnerable; the issue went undisclosed for 10+ years. 🤷‍♂️

🛠 A detailed write-up and exploit were published by SafeBreach on January 22.

👾 Exploitation in the wild has been observed by GreyNoise since January 21.

🌐 Shodan estimates ~212,396 Telnet servers online in total. How many of them use GNU Inetutils and are vulnerable is still unclear. CyberOK discovered around 500 potentially vulnerable Telnet servers in the Russian Internet segment.
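For detection, the USER variable described above reaches a Telnet server in a NEW-ENVIRON sub-negotiation (RFC 1572). The following is an added example, not code from this post, GNU Inetutils or the published write-up: it parses reassembled client-to-server bytes and flags USER values that begin with `-`. The function names, the sample captures and the leading-dash rule (a generalization of the “-f root” value) are assumptions made for illustration.

```python
IAC, SB, SE, NEW_ENVIRON = 255, 250, 240, 39   # Telnet codes (RFC 855, RFC 1572)
IS, INFO = 0, 2                                # commands that carry client values
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3
def subnegotiations(stream: bytes):
    """Yield the body of each complete IAC SB NEW-ENVIRON ... IAC SE block."""
    i = 0
    while i + 2 < len(stream):
        if stream[i:i + 3] == bytes([IAC, SB, NEW_ENVIRON]):
            body, j = bytearray(), i + 3
            while j + 1 < len(stream):
                if stream[j] == IAC:
                    if stream[j + 1] == SE:
                        yield bytes(body)
                        break
                    j += 1                     # IAC IAC is an escaped literal 0xFF
                body.append(stream[j])
                j += 1
            i = j
        i += 1

def parse_environ(body: bytes) -> dict:
    """Decode an IS/INFO body into {name: value}, honouring ESC-quoted bytes."""
    if not body or body[0] not in (IS, INFO):
        return {}
    fields, i = [], 1                          # [kind, bytearray] in wire order
    while i < len(body):
        b = body[i]
        if b in (VAR, USERVAR, VALUE):
            fields.append([b, bytearray()])
        elif fields:
            if b == ESC and i + 1 < len(body):
                i += 1                         # ESC quotes the following byte
            fields[-1][1].append(body[i])
        i += 1
    env, name = {}, None
    for kind, data in fields:
        if kind != VALUE:
            name = data.decode("latin-1")
        elif name is not None:
            env[name] = data.decode("latin-1")
    return env

def suspicious_users(stream: bytes) -> list:
    """USER values starting with '-': assumed heuristic generalising '-f root'."""
    users = (parse_environ(b).get("USER", "") for b in subnegotiations(stream))
    return [u for u in users if u.startswith("-")]

BENIGN = b"\xff\xfa\x27\x00\x00USER\x01alice\xff\xf0"   # constructed samples, not real traffic
FLAGGED = b"\xff\xfb\x18" + b"\xff\xfa\x27\x00\x00USER\x01-f root\xff\xf0"
```

The parser expects a reassembled TCP stream; a sub-negotiation cut off before its closing IAC SE is skipped rather than guessed at.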
