CVE-2026-24061: Critical Telnetd Flaw Grants Root Access

A critical vulnerability, CVE-2026-24061, in GNU InetUtils telnetd allows remote attackers to gain root access by exploiting an argument injection flaw where the USER environment variable is passed unsanitized to the login program. This decade-old flaw was accidentally introduced in a 2015 patch and can be exploited by crafting a malicious payload like ‘-f root’ to bypass authentication.