Main Vulnerability Database Exploits ID:12442 - Exploit for Improper Neutralization of Argument Delimiters in a Command in Inetutils - GNU network utilities - CVE-2026-24061

ID:12442 - Exploit for Improper Neutralization of Argument Delimiters in a Command in Inetutils - GNU network utilities - CVE-2026-24061

Published: February 27, 2026

Vulnerability identifier: #VU121953

Vulnerability risk: Critical

CVE-ID: CVE-2026-24061

CWE-ID: CWE-88

Exploitation vector: Remote access

Vulnerable software:
Inetutils - GNU network utilities

Link to public exploit:

https://github.com/tiborscholtz/CVE-2026-24061

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when processing attacker-controlled USER environment variable. A remote non-authenticated attacker can simply connect to the remote server with a specially crafted environment variable and obtain root privileges.

Exploitation example:

USER='-f root' telnet -a <host>

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:12442 - Exploit for Improper Neutralization of Argument Delimiters in a Command in Inetutils - GNU network utilities - CVE-2026-24061

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human