Inetutils

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-28372 HIGH POC PATCH This Week

Inetutils versions up to 2.7 is affected by inclusion of functionality from untrusted control sphere (CVSS 7.4).

Linux Privilege Escalation Inetutils
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-24061 CRITICAL POC KEV PATCH THREAT Act Now

GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain root access by setting the USER environment variable to '-f root' during TELNET negotiation. With EPSS 75% and KEV listing, this trivially exploitable vulnerability (CVE-2026-24061) has been widely weaponized. Public PoC is available and patches exist.

Authentication Bypass Debian Linux Inetutils Suse
NVD
CVSS 3.1
9.8
EPSS
75.3%
Threat
7.2
CVE-2026-28372
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

Inetutils versions up to 2.7 is affected by inclusion of functionality from untrusted control sphere (CVSS 7.4).

Linux Privilege Escalation Inetutils
NVD
CVE-2026-24061
EPSS 75% 7.2 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain root access by setting the USER environment variable to '-f root' during TELNET negotiation. With EPSS 75% and KEV listing, this trivially exploitable vulnerability (CVE-2026-24061) has been widely weaponized. Public PoC is available and patches exist.

Authentication Bypass Debian Linux Inetutils +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy