The US cybersecurity agency CISA on Monday expanded its Known Exploited Vulnerabilities (KEV) catalog with five flaws, including two Linux bugs.
The main Linux issue is CVE-2026-24061 (CVSS score of 9.8), a critical-severity defect in GNU Inetutils that was exploited within days of its public disclosure last week.
It is an authentication bypass in the GNU telnetd service, which does not sanitize the USER environment variable before passing it to the login program.
The USER environment variable is used to pre-fill the username for authentication and, because an attacker can control it through the Telnet protocol, the attacker can supply a ‘-f’ flag to bypass authentication.
An attacker can exploit the bug by sending crafted Telnet commands that set the USER variable, bypass authentication, and obtain a root shell, achieving remote code execution (RCE) on vulnerable systems, SafeBreach explains.
CVE-2026-24061 was introduced in GNU Inetutils version 1.9.3, released in May 2015, and affects all versions up to and including 2.7, which was released in December 2025.
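As an added illustration of the mechanism described above (this is not code from the article, from SafeBreach, or from GNU Inetutils), the following Python detector decodes Telnet NEW-ENVIRON option subnegotiations (the RFC 1572 encoding a Telnet client uses to send environment variables such as USER) from a captured byte stream and flags any USER value that begins with a dash, which is the condition that lets the value be treated as an option by the login program. The sample streams, the constant names and the function names are constructed for this example; a real deployment would feed it bytes from a packet capture or an IDS hook.

```python
"""Flag Telnet NEW-ENVIRON negotiations that carry a USER value starting with '-'.

Constructed example for detection purposes; constants follow RFC 854/1572.
"""

# Telnet command bytes (RFC 854)
IAC, SB, SE = 255, 250, 240
# NEW-ENVIRON option and its sub-codes (RFC 1572)
NEW_ENVIRON = 39
IS, SEND, INFO = 0, 1, 2
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3


def iter_subnegotiations(stream: bytes):
    """Yield (option, payload) for every IAC SB <option> ... IAC SE in a stream.

    Doubled IAC bytes inside a subnegotiation are unescaped to a single 0xFF.
    Bytes outside subnegotiations (plain commands, data) are skipped.
    """
    i, n = 0, len(stream)
    while i < n:
        if stream[i] == IAC and i + 2 < n and stream[i + 1] == SB:
            option = stream[i + 2]
            j = i + 3
            payload = bytearray()
            while j < n:
                b = stream[j]
                if b == IAC and j + 1 < n:
                    if stream[j + 1] == SE:      # end of subnegotiation
                        j += 2
                        break
                    if stream[j + 1] == IAC:     # escaped literal 0xFF
                        payload.append(IAC)
                        j += 2
                        continue
                payload.append(b)
                j += 1
            yield option, bytes(payload)
            i = j
        else:
            i += 1


def parse_new_environ(payload: bytes) -> dict:
    """Decode an IS/INFO NEW-ENVIRON payload into {name: value}.

    A variable sent without a VALUE token maps to None. ESC makes the next
    byte literal, so VAR/VALUE/ESC/USERVAR bytes can appear inside data.
    Only client-to-server messages (IS, INFO) carry variables; SEND is ignored.
    """
    if not payload or payload[0] not in (IS, INFO):
        return {}
    entries = []          # [name bytearray, value bytearray or None]
    target = None         # buffer currently being filled
    i = 1
    while i < len(payload):
        b = payload[i]
        if b == ESC and i + 1 < len(payload):
            if target is not None:
                target.append(payload[i + 1])
            i += 2
            continue
        if b in (VAR, USERVAR):
            entries.append([bytearray(), None])
            target = entries[-1][0]
        elif b == VALUE and entries:
            entries[-1][1] = bytearray()
            target = entries[-1][1]
        elif target is not None:
            target.append(b)
        i += 1
    return {
        name.decode("latin-1"): None if value is None else value.decode("latin-1")
        for name, value in entries
    }


def suspicious_user_values(stream: bytes) -> list:
    """Return every USER value in the stream that would parse as an option.

    A leading dash (after optional whitespace) is the signal; a legitimate
    username never starts with one, so this is a low-noise detection rule.
    """
    hits = []
    for option, payload in iter_subnegotiations(stream):
        if option != NEW_ENVIRON:
            continue
        user = parse_new_environ(payload).get("USER")
        if user is not None and user.lstrip().startswith("-"):
            hits.append(user)
    return hits


# Constructed sample streams: a DO NEW-ENVIRON command followed by one
# IS subnegotiation each. The second carries a dash-prefixed USER value.
BENIGN_STREAM = b"\xff\xfd\x27" + b"\xff\xfa\x27\x00\x00USER\x01alice\x03ACCT\x01dev\xff\xf0"
SUSPECT_STREAM = b"\xff\xfd\x27" + b"\xff\xfa\x27\x00\x00USER\x01-x\xff\xf0"

if __name__ == "__main__":
    for label, data in (("benign", BENIGN_STREAM), ("suspect", SUSPECT_STREAM)):
        print(label, "->", suspicious_user_values(data) or "no dash-prefixed USER value")
```

The detector only inspects the environment negotiation, so it does not depend on which telnetd implementation is listening; pairing it with an inventory of hosts that actually run GNU telnetd in the affected version range narrows alerts to exposed systems.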
Within days of the flaw’s public disclosure on January 20, GreyNoise reported seeing 60 exploitation attempts from 18 unique attack sources. The attacks involved reconnaissance, SSH persistence, and malware deployment.
As SafeBreach points out, more than 200,000 systems have a Telnet service exposed to the internet (or over 1 million, per Censys), but only those running the GNU telnetd service are vulnerable.
The second Linux issue added to the KEV catalog this week is CVE-2018-14634 (CVSS score of 7.8), an integer overflow vulnerability in the kernel that could allow an attacker with access to a privileged binary to escalate their privileges to root.
Qualys, which discovered and reported the vulnerability, said in September 2018 that exploitation was possible on systems with at least 32GB of RAM, due to attack requirements.
There appear to be no reports of CVE-2018-14634’s in-the-wild exploitation prior to CISA’s warning.
On Monday, CISA also added to the KEV catalog two SmarterMail bugs reported as exploited last week, and a Microsoft Office zero-day, urging federal agencies to address all five bugs by February 16.
Related: Organizations Warned of Exploited Zimbra Collaboration Vulnerability
Related: Cisco Patches Vulnerability Exploited by Chinese Hackers
Related: Critical HPE OneView Vulnerability Exploited in Attacks
Related: WatchGuard Patches Firebox Zero-Day Exploited in the Wild
