CVE-2026-28372
Publication date 27 February 2026
Last updated 5 March 2026
Ubuntu priority
Description
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| inetutils | 25.10 questing |
Vulnerable
|
| 24.04 LTS noble |
Vulnerable
|
|
| 22.04 LTS jammy |
Vulnerable
|
|
| 20.04 LTS focal |
Vulnerable
|
|
| 18.04 LTS bionic |
Vulnerable
|
|
| 16.04 LTS xenial |
Vulnerable
|
|
| 14.04 LTS trusty |
Vulnerable
|
Notes
mdeslaur
This is only an issue when used with util-linux 2.40+ which added support for systemd service credentials Noble and earlier shipped with util-linux < 2.40 and are not vulnerable to this issue. See discussion here for more possible issues: https://www.openwall.com/lists/oss-security/2026/02/24/1 Should also include all the hardening commits from here: https://cgit.git.savannah.gnu.org/cgit/inetutils.git/log/telnetd
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.4 · High
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-28372
- https://lists.gnu.org/archive/html/bug-inetutils/2026-02/msg00000.html
- https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=3953943d8296310485f98963883a798545ab9a6c
- https://lists.gnu.org/archive/html/bug-inetutils/2026-02/msg00012.html
- https://www.openwall.com/lists/oss-security/2026/02/24/1