The 11-year-old vulnerability likely impacts many devices that are no longer supported — and presents easy exploit even for those that are.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

A critical 11-year-old vulnerability (CVE-2026-24061) in the Telnet server allows trivial authentication bypass using a simple command: `USER='-f root' telnet -a [host_ip]`. The flaw exists in inetutils since version 1.9.3 and affects many unsupported IoT and embedded devices. Attackers can gain root access remotely or use it for local privilege escalation. Organizations should immediately patch, disable Telnet services, or restrict access via firewall rules, as exploitation attempts are already being observed in the wild.

Trivial Telnet authentication bypass exposes devices to complete takeover