First published 26 March 2026
CVSS:3.1: 7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A security vulnerability has been found in Telnetd, a network service used in IGEL OS for the Secure Terminal feature. This affects the following product versions:
-
IGEL OS 12
Details
It has been discovered that Telnetd in GNU Inetutils through 2.7 allows a remote authentication bypass via a "-f root" value for the USER environment variable (CVE-2026-24061). In addition, there is an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler (CVE-2026-32746).
IGEL rates these vulnerabilities as high, as Telnetd is only listening on localhost on IGEL OS 12.
OS 11 is not affected, as it uses a different Telnetd implementation.
Update Instructions
-
OS 12: Update to the base system app in version 12.7.6 or newer when available from the IGEL App Portal.
References
-
CVE-2026-24061: https://nvd.nist.gov/vuln/detail/CVE-2026-24061
-
CVE-2026-32746: https://nvd.nist.gov/vuln/detail/CVE-2026-32746