CVE-2026-28372

HIGH
2026-02-27 [email protected]
7.4
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 07, 2026 - 17:15 vuln.today
Public exploit code
Patch Released
Mar 07, 2026 - 17:15 nvd
Patch available
CVE Published
Feb 27, 2026 - 06:18 nvd
HIGH 7.4

Tags

Linux Privilege Escalation Inetutils

Description

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

Analysis

Inetutils versions up to 2.7 is affected by inclusion of functionality from untrusted control sphere (CVSS 7.4).

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all systems running Inetutils up to version 2.7 and assess exposure level. Within 7 days: Apply vendor patch to all affected systems, prioritizing internet-facing and critical infrastructure assets. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

57
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +37
POC: +20

Share

CVE-2026-28372 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy