Telnet in 2026: A 10‑Year‑Old Bug Now Giving Attackers Root Access

Telnet in 2026: A 10‑Year‑Old Bug Now Giving Attackers Root Access

  • Posted on January 24, 2026
  • /Under Security

Telnet should have been retired years ago, but in 2026 it’s still causing serious breaches.

A critical vulnerability CVE-2026-24061 in the GNU telnet server (telnetd) was discovered in January 2026. The bug has existed since 2015 and lets attackers log in as root without a password by simply sending a crafted username. Once they have root access, they can take full control of the system, read files, install malware, or use the device to attack others.

This isn’t theoretical. Exploits appeared online within 24 hours, and attackers are already scanning and exploiting vulnerable servers worldwide.

Telnet sends everything in plain text over the network, including usernames and passwords, which makes it even worse. SSH has been the secure replacement for decades, yet tens of thousands of telnet servers are still exposed on the internet.

Why This Still Happens

Many devices and systems still run telnet because:

  • They are old or embedded devices that never get updates
  • Administrators didn’t disable telnet after setup
  • Legacy systems were forgotten but left online

These forgotten systems become easy targets because attackers can exploit old services faster than defenders can patch them.

What You Should Do Now

If your systems still run telnet:

  1. Disable telnet immediately unless it is absolutely required
  2. Use SSH instead for remote access
  3. Block port 23 at the firewall if telnet is not needed externally
  4. Restrict access to trusted IPs only
  5. Check logs for unexpected login attempts

To quickly check if a Linux server has telnet enabled:

netstat -tlnp | grep :23

If you see a service listening on port 23, that’s telnet. In most cases, it should go.

The Takeaway

Security problems today often don’t come from new threats, they come from old services we forgot about. Telnet was replaced long ago for good reasons: it’s insecure, outdated, and now it’s giving attackers an easy way in. Reviewing and disabling legacy services is one of the simplest but most effective steps you can take to protect your systems.

Stay practical. Minimise your exposure. Reduce risk.