REPRO-2026-00077 CRITICAL Auth Bypass Verified

GNU InetUtils telnetd Remote Authentication Bypass

inetutils (gnu) Jan 21, 2026

Confidence HIGH

Reproduced in 35m 50s

Tool calls 300

Affected 1.9.3 - 2.7

What's the vulnerability?

GNU InetUtils telnetd versions 1.9.3 through 2.7 accept the USER environment variable from telnet clients and pass it directly to login(1) without sanitization.

Root Cause Analysis

One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00077

Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

Download the script

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00077/artifacts/bundle/repro/reproduction_steps.sh

Make executable

chmod +x reproduction_steps.sh

Run the script

./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.

How Pruva Reproduced This

Watch the AI agent's step-by-step process.

Loading session...

Artifacts

bundle/repro/reproduction_steps.sh2.5 KB

bundle/repro/rca_report.md2.5 KB

bundle/ticket.md2.6 KB

bundle/logs/expect_exploit.log1.4 KB

bundle/logs/result.log0.0 KB

bundle/logs/inetd.log0.2 KB