CVE-2026-24061

Vulnerability

CVE-2026-24061

ecosystem: ubuntu:16.04, ubuntu:18.04, ubuntu:20.04, ubuntu:22.04, ubuntu:24.04, ubuntu:25.10

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

References

launchpad.net/ubuntu-cve-tracker: https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
launchpad.net/ubuntu-cve-tracker: https://ubuntu.com/security/notices/USN-7992-1
launchpad.net/ubuntu-cve-tracker: https://ubuntu.com/security/notices/USN-7992-2
launchpad.net/ubuntu-cve-tracker: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
launchpad.net/ubuntu-cve-tracker: https://www.cve.org/CVERecord?id=CVE-2026-24061
launchpad.net/ubuntu-cve-tracker: https://www.gnu.org/software/inetutils/
launchpad.net/ubuntu-cve-tracker: https://www.openwall.com/lists/oss-security/2026/01/20/2
launchpad.net/ubuntu-cve-tracker: https://www.openwall.com/lists/oss-security/2026/01/20/8

severityh

high

type: vendor

source: launchpad.net/ubuntu-cve-tracker

published: 2026-01-21 07:16:00

Detection

ubuntu:16.04

CVE-2026-24061

ubuntu-cve-tracker

OR

fixed

dpkg

inetutils

package type: source

Affected version range

less than
2:1.9.4-1ubuntu0.1~esm5
fixed
2:1.9.4-1ubuntu0.1~esm5

type: version

tag: esm-apps/xenial_high

ubuntu:18.04

CVE-2026-24061

ubuntu-cve-tracker

OR

fixed

dpkg

inetutils

package type: source

Affected version range

less than
2:1.9.4-3ubuntu0.1+esm4
fixed
2:1.9.4-3ubuntu0.1+esm4

type: version

tag: esm-apps/bionic_high

ubuntu:20.04

CVE-2026-24061

ubuntu-cve-tracker

OR

fixed

dpkg

inetutils

package type: source

Affected version range

less than
2:1.9.4-11ubuntu0.2+esm3
fixed
2:1.9.4-11ubuntu0.2+esm3

type: version

tag: esm-apps/focal_high

ubuntu:22.04

CVE-2026-24061

ubuntu-cve-tracker

OR

fixed

dpkg

inetutils

package type: source

Affected version range

less than
2:2.2-2ubuntu0.2
fixed
2:2.2-2ubuntu0.2

type: version

tag: esm-apps/jammy_high

OR

fixed

dpkg

inetutils

package type: source

Affected version range

less than
2:2.2-2ubuntu0.2
fixed
2:2.2-2ubuntu0.2

type: version

tag: jammy_high

ubuntu:24.04

CVE-2026-24061

ubuntu-cve-tracker

OR

fixed

dpkg

inetutils

package type: source

Affected version range

less than
2:2.5-3ubuntu4.1
fixed
2:2.5-3ubuntu4.1

type: version

tag: noble_high

ubuntu:25.10

CVE-2026-24061

ubuntu-cve-tracker

OR

fixed

dpkg

inetutils

package type: source

Affected version range

less than
2:2.6-1ubuntu3.1
fixed
2:2.6-1ubuntu3.1

type: version

tag: questing_high

Data Sources

Ubuntu CVE Tracker
ubuntu-cve-tracker
- raw: ghcr.io/vulsio/vuls-data-db:vuls-data-raw-ubuntu-cve-tracker
- extracted: ghcr.io/vulsio/vuls-data-db:vuls-data-extracted-ubuntu-cve-tracker

FutureVuls|GitHub