ISN 2026-08: Telnetd Vulnerabilities
First published 26 March 2026
CVSS 3.1: 7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A security vulnerability has been found in Telnetd, a network service used in IGEL OS for the Secure Terminal feature. This affects the following product versions:
IGEL OS 12
Details
It has been discovered that Telnetd in GNU Inetutils through 2.7 allows a remote authentication bypass via a "-f root" value for the USER environment variable (CVE-2026-24061). In addition, there is an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler (CVE-2026-32746).
IGEL rates these vulnerabilities as high because, on IGEL OS 12, Telnetd listens only on localhost.
OS 11 is not affected, as it uses a different Telnetd implementation.
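The rating above depends on Telnetd being bound to loopback only. The following check is an added example, not IGEL's or GNU Inetutils' own code: it reads listener lines in `ss -H -ltn` format and prints any telnet listener that is not on a loopback address. It assumes the standard telnet port 23 (overridable as the first argument) and that `ss` is available on the system being checked; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report TCP listeners on the telnet port that are NOT
# bound to a loopback address. Empty output means loopback-only.
# Input: lines in `ss -H -ltn` format:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
# Port 23 is an assumption (standard telnet port); pass another as $1.
non_loopback_telnet_listeners() {
    awk -v port="${1:-23}" '
    $1 == "LISTEN" {
        laddr = $4
        n = match(laddr, /:[0-9]+$/)      # split on the last colon (IPv6-safe)
        if (!n) next
        p = substr(laddr, n + 1)
        addr = substr(laddr, 1, n - 1)
        if (p != port) next
        gsub(/^\[|\]$/, "", addr)         # strip [ ] around IPv6 literals
        sub(/%.*$/, "", addr)             # strip interface scope, e.g. %lo
        # Loopback: 127.0.0.0/8, ::1, and IPv4-mapped 127.x.x.x
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        print laddr                       # wildcard or routable bind: exposed
    }'
}

# Constructed sample input (not captured from a real device).
SAMPLE_SS_OUTPUT='LISTEN 0 128 127.0.0.1:23 0.0.0.0:*
LISTEN 0 128 [::1]:23 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 [::]:23 [::]:*'

# Demo on the sample; on a live system use:
#   ss -H -ltn | non_loopback_telnet_listeners
printf '%s\n' "$SAMPLE_SS_OUTPUT" | non_loopback_telnet_listeners
```

Any line printed means the listener is reachable beyond localhost, so the local attack vector assumed in the CVSS rating no longer holds for that system.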
Update Instructions
OS 12: Update the base system app to version 12.7.6 or newer when available from the IGEL App Portal.
References
CVE-2026-24061: https://nvd.nist.gov/vuln/detail/CVE-2026-24061
CVE-2026-32746: https://nvd.nist.gov/vuln/detail/CVE-2026-32746