Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-24061

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 4 weeks ago

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass …

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

References

Affected products

Inetutils

=<2.7

Matching in nixpkgs

pkgs.inetutils

Collection of common network programs

nixos-unstable 2.6
- nixpkgs-unstable 2.6
- nixos-unstable-small 2.6
nixos-25.11 2.6
- nixpkgs-25.11-darwin 2.6

Package maintainers

@matthewbauer Matthew Bauer <mjbauer95@gmail.com>