Ctrl + K
/ news / CVE
CVEPublished 2026-01-211 article on news6 live referencesNVD data

CVE-2026-24061

Vulnerability data via CVEDB (Shodan)

CISA KEVKnown exploited in the wild.
CISA action: GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable.
CVSS v3.1
9.8
CRITICAL
EPSS percentile
100
Exploit Prediction Scoring System · top 0% of all CVEs
Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Timeline
Published 2026-01-21

External references

NVDMITREExploit-DBSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag4 hosts
vuln:CVE-2026-24061
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product + version
product:"Gnu Inetutils" version:"1.9.3"
Version-pinned fingerprint from NVD's first vulnerable CPE.
Shodan · banner/body mention
http.html:"Inetutils"
HTTP body or banner mentions "Inetutils" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-24061
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-24061
Censys host search filtered to this CVE id.
grep.app
CVE-2026-24061
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-24061
GitHub code search for direct mentions.
Google dork
"CVE-2026-24061" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-240618 repos
nomi-sec/PoC-in-GitHubunknown
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
★ 7,847·updated today
KingOfBugbounty/KingOfBugBountyTipsPython
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can re…
★ 5,428·updated 3mo ago
Threekiii/Awesome-POCJava
一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.
★ 5,043·updated 1mo ago
0xsyr0/OSCPPowerShell
OSCP Cheat Sheet
★ 3,757·updated 5d ago
TideSec/TscanPlusunknown
一款综合性网络安全检测和运维工具,旨在快速资产发现、识别、检测,构建基础资产信息库,协助甲方安全团队或者安全运维人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
★ 3,739·updated 1d ago
0xMarcio/cvePython
Latest CVEs with their Proof of Concept exploits.
★ 1,316·updated today
mdisec/mdisec-twitch-yayinlariunknown
https://twitch.tv/mdisec
★ 1,174·updated 1w ago
GhostTroops/TOPShell
TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
★ 731·updated today
Articles on news mentioning CVE-2026-24061