Vulnerability Details
A vulnerability has been reported in GNU InetUtils versions 1.9.3 through 2.7; it was patched in version 2.8. It can be mitigated by disabling the telnetd service or blocking TCP port 23 on all firewalls.
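A triage check for the version range and the port 23 mitigation described above, as an added example that is not from the original page or from GNU InetUtils. The banner format, the `ss -H -ltn` sample and all function names are assumptions constructed for illustration; a distribution may backport the fix without changing the upstream version, so treat "affected" as a prompt to check the vendor advisory.

```python
import re

# Affected range as stated on the page: 1.9.3 through 2.7, fixed in 2.8.
FIRST_AFFECTED, FIXED = (1, 9, 3), (2, 8, 0)

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128   0.0.0.0:22     0.0.0.0:*
LISTEN 0 10    0.0.0.0:23     0.0.0.0:*
LISTEN 0 10       [::]:23        [::]:*
LISTEN 0 4096 127.0.0.1:2323  0.0.0.0:*
"""

def parse_version(text):
    """Upstream version tuple from a banner or package string, else None."""
    tokens = text.split()
    if not tokens:
        return None
    candidate = tokens[-1].split(":", 1)[-1]   # drop a Debian-style epoch
    m = re.match(r"\d+(?:\.\d+)*", candidate)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def in_affected_range(version):
    """True for 1.9.3 <= version < 2.8 (short versions are zero-padded)."""
    padded = tuple(version) + (0,) * (3 - len(version))
    return FIRST_AFFECTED <= padded < FIXED

def telnet_listeners(ss_output, port=23):
    """Local addresses in LISTEN state on the given TCP port."""
    hits = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) >= 5 and cols[0] == "LISTEN":
            if cols[3].rsplit(":", 1)[-1] == str(port):
                hits.append(cols[3])
    return hits

def assess(version_text, ss_output):
    """Combine the version check with the port 23 exposure check."""
    version = parse_version(version_text)
    if version is None:
        status = "unknown-version"
    else:
        status = "affected" if in_affected_range(version) else "not-affected"
    listeners = telnet_listeners(ss_output)
    return {"version": version, "status": status,
            "listeners": listeners, "exposed": bool(listeners)}

if __name__ == "__main__":
    print(assess("telnetd (GNU inetutils) 2.5", SAMPLE_SS))
```

A host that reports "affected" with an empty listener list still needs the upgrade to 2.8; the port check only confirms that the telnetd mitigation is in place on that host.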
Impact on Devices
GNU InetUtils is used across multiple Linux distributions and can run without updates for more than a decade on legacy and embedded devices, including IoT devices, cameras, industrial sensors, and Operational Technology (OT) networks.
Real-World Exploitation Activity
Threat monitoring firm GreyNoise has detected real-world exploitation activity leveraging CVE-2026-24061 against a small number of vulnerable endpoints, with 18 unique attacker IPs across 60 Telnet sessions.
Post-Exploitation Phase
In the post-exploitation phase, the attackers conducted automated reconnaissance and attempted to persist SSH keys and deploy Python malware, but these attempts failed on the observed systems due to missing binaries or directories.