Share
## https://sploitus.com/exploit?id=7A4B1905-4339-5091-9EC5-CBEDA88B266F
# CVE-2026-28372: GNU inetutils telnetd Privilege Escalation

![CVE](https://img.shields.io/badge/CVE-2026--28372-critical)
![CVSS](https://img.shields.io/badge/CVSS-7.4-orange)
![License](https://img.shields.io/badge/license-MIT-green)

Professional Proof-of-Concept (PoC) for CVE-2026-28372, a Local Privilege Escalation (LPE) vulnerability in GNU inetutils telnetd (versions โ‰ค 2.7).

## Technical Summary
The vulnerability occurs because telnetd improperly passes client-controlled environment variables to login(1). By manipulating the CREDENTIALS_DIRECTORY variable and placing a login.noauth file within it, an attacker can bypass authentication and obtain a root shell without a password.

## Exploit Flow
1. Directory Control: Create a malicious directory containing login.noauth.
2. Environment Injection: Inject CREDENTIALS_DIRECTORY via Telnet NEW-ENVIRON option.
3. Privilege Escalation: login(1) grants root access based on the untrusted directory configuration.

## Usage
Ensure you have local access and the telnetd service is running.

```bash
python3 cve-2026-28372.py --target 127.0.0.1