← Back to home
wid-sec-w-2026-0550  ·  Published 2026-02-26  ·  View on BSI CERT-Bund ↗

InetUtils (telnetd): Vulnerability allows Privilegieneskalation

CVSS 7.4 HIGH

Risk Summary

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

CVEs (1)

Affected Vendors

Open Source

Affected Products (1)

Open Source · InetUtils 2.7

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more