JustAppSec
HIGH SeverityCVSS 3.17.4CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-28372

Last updated Feb 28, 2026 · Published Feb 27, 2026

← Back to list

Description

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

Affected products

1 listed
  • GNU:inetutils

Mappings

CWE

CWE-829

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms