CVE-2026-24061: GNU InetUtils Argument Injection Vulnerability. GNU

GNU InetUtils Argument Injection Vulnerability. GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable.

• CISA KEV-listed (remediation due 2026-02-16)
• EPSS 91.5% (99.7% percentile)

Browse the CVE database

Read the full analysis on IntelFusions