- CVE-2026-24061 is a critical authentication bypass vulnerability in the GNU telnetd service that allows remote attackers to gain root access without credentials by manipulating the USER and PATH environment variables.
- This flaw enables the injection of arguments (specifically the -f flag) into the /usr/bin/login process, allowing a complete bypass of authentication.
- The lab includes a Docker container running a vulnerable telnetd server so you can test things out.
- The walkthrough below explains how the telnet protocol works and how a flaw in the pty.c source code (committed in 2015) is susceptible to environment variable tampering.
- Exploit code is included that spawns a reverse shell.
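
The mitigation for the argument injection described above, as an added example that is not code from the lab or from GNU inetutils: validate the client-supplied USER value and pass it to login as a single operand after `--`. The names `user_is_safe` and `build_login_argv`, the 32-byte limit and the allowed character set are assumptions, as is a login that uses getopt-style option parsing.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not inetutils code): returns 1 if a client-supplied
 * USER value may be passed to login as an operand, 0 otherwise. */
int user_is_safe(const char *user)
{
    size_t i, n;
    if (user == NULL)
        return 0;
    n = strlen(user);
    if (n == 0 || n > 32)          /* assumed length limit */
        return 0;
    if (user[0] == '-')            /* would be parsed as an option, e.g. -f */
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)user[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '.' || c == '-';
        if (!ok)                   /* whitespace, quotes, control bytes */
            return 0;
    }
    return 1;
}

/* Fill argv for exec; returns argc, or -1 if USER is rejected. The name is
 * one argv element placed after "--", so getopt cannot read it as a flag. */
int build_login_argv(const char *user, const char **argv, size_t cap)
{
    size_t n = 0;
    if (cap < 4)
        return -1;
    argv[n++] = "/usr/bin/login";
    if (user != NULL && user[0] != '\0') {
        if (!user_is_safe(user))
            return -1;             /* refuse the session, do not "clean up" */
        argv[n++] = "--";
        argv[n++] = user;
    }
    argv[n] = NULL;
    return (int)n;
}

int main(void)
{
    const char *argv[4];           /* constructed sample inputs below */
    printf("alice -> %d, -f -> %d\n",
           build_login_argv("alice", argv, 4), build_login_argv("-f", argv, 4));
    return 0;
}
```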
Walkthrough Here: