3:30pm, 30 January 2026
TLP Rating:
CVE-2026-24061 affecting GNU InetUtils
A critical vulnerability affecting telnetd in GNU InetUtils (CVE-2026-24061) could allow an attacker to remotely bypass authentication. The NCSC is aware of open-source reports of exploitation.
The NCSC encourages organisations in New Zealand that use the affected product to review the vendor advisory and apply the remediation as soon as possible. We also urge affected organisations to investigate unauthorised access or compromise of the affected products.
What's happening
Systems affected
The following products are affected:
- GNU InetUtils versions 1.9.3 up to and including 2.7
What to look for
How to tell if you're at risk
If you are using a GNU InetUtils version within the affected versions range.
What to do
Prevention
Upgrade to the latest GNU InetUtils version, per the vendor advisory.
Mitigation
Apply the patch or upgrade to a newer release which incorporates the patch. Refer to the vendor advisory for more details.
More information
Read more about this vulnerability on NIST’s National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2026-24061 External Link
Read more about this alert on the vendor website: https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html External Link
If you require more information or further support, submit a report on our website: Report an incident
If you need assistance using the tool, call us on 0800 114 115. Calling us is free within New Zealand. We’re open 7am to 7pm, Monday to Friday, and we’re closed on public holidays.
How helpful was this page?
This site is protected by reCAPTCHA and the Google Privacy Policy External Link and Terms of Service External Link apply.