Experts flag around 800,000 Telnet servers exposed to remote attacks – here’s why users should be on their guard
- Critical Telnet Flaw (CVE-2026-24061) Exposes 800,000 Devices Worldwide
- Attackers gain root access and attempt to deploy Python malware after bypassing authentication
- Patch released; Users are prompted to disable Telnet or block port 23
A major security flaw has been spotted in Telnet, an old remote access tool, already used on a fairly large scale, experts warn.
Shadowserver researchers said they saw nearly 800,000 IP addresses with Telnet fingerprints, suggesting a huge attack surface.
Telnet is an old network protocol that allows users to connect to devices remotely. Because it is outdated and insecure, it is no longer supposed to be exposed to the Internet, but hundreds of thousands of devices still are, especially older Linux systems, routers, and IoT devices.
Fixes and workarounds
The abused authentication bypass vulnerability is tracked as CVE-2026-24061 and received a severity score of 9.8/10 (critical). This affects GNU InetUtils versions 1.9.3 (released 11 years ago in 2015) up to 2.7. It was fixed earlier this month, in version 2.8.
Citing Shadowserver data, BeepComputer noted that the majority of devices with Telnet fingerprints come from Asia (380,000), followed by 170,000 from South America and around 100,000 from Europe. We don’t know how many of these devices have been protected against this vulnerability, but we can assume that not all have.
“We have around 800,000 Telnet instances exposed worldwide – naturally they shouldn’t be. [..] Telnet should not be publicly exposed, but it often is, especially on older IoT devices,” the Shadowserver Foundation said in its report.
The patch was released on January 20, and within a day, malicious actors began scanning for vulnerable endpoints, security researchers GreyNoise said. Initially, at least 18 IP addresses performed 60 Telnet sessions, accessing compromised devices without authentication. In the vast majority of cases (83%), attackers gained root access and used it to attempt to deploy Python malware. But most attempts have failed.
Those who cannot apply the patch immediately should disable the telnetd service or block TCP port 23 on all firewalls.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
:max_bytes(150000):strip_icc()/Health-GettyImages-1490365250-1fa1a6be6c824428914db149fb8b46e1.jpg?w=390&resize=390,220&ssl=1 "Foods To Eat and Avoid To Manage IBD Symptoms and Reduce Flare-Ups")
