Screenshot of a BaseFortify CVE report page for CVE-2026-24061 showing description, CVSS 9.8 critical severity, affected GNU Inetutils versions, and attack flow visualization.

🧠 Technical details

telnetd improperly passes the USER environment variable to the login program. Supplying "-f root" is interpreted as a command flag, bypassing authentication entirely. No password required. ⚠️🐚

#AuthBypass #CWE88 #SysAdmin #Infosec