A ten-year-old flaw just opened a root-level backdoor into your legacy systems. 🛡️

A ten-year-old flaw just opened a root-level backdoor into your legacy systems. 🛡️

CVE-2026-24061 · Severity 10.0 · Critical Authentication Bypass in GNU InetUtils telnetd.

We are seeing active exploitation of a decade-old vulnerability that allows unauthenticated attackers to gain immediate root access to vulnerable servers. By crafting a specific USER environment variable, attackers can trick the system into skipping the password prompt entirely.

While Telnet is often replaced by SSH, it remains prevalent in legacy industrial environments and internal networks. This flaw is currently being used to establish persistence in high-value targets that still rely on these older protocols.

The uncomfortable truth: Your oldest, most forgotten systems are often the most privileged gateways for an attacker once they are inside your perimeter.

→ Disable Telnet services across all internal and external systems immediately.

→ If Telnet is required for legacy industrial operations, isolate it behind a Zero Trust gateway.

→ Hunt for unauthorized root-level logins and new administrative account creations in legacy server logs.

Have you confirmed that your internal networks are free of legacy Telnet daemons today? 👇

#Cybersecurity #LegacySecurity #ZeroTrust #PatchManagement #CISO #CodeDefence