## https://sploitus.com/exploit?id=7A4B1905-4339-5091-9EC5-CBEDA88B266F
# CVE-2026-28372: GNU inetutils telnetd Privilege Escalation



Professional Proof-of-Concept (PoC) for CVE-2026-28372, a Local Privilege Escalation (LPE) vulnerability in GNU inetutils telnetd (versions โค 2.7).
## Technical Summary
The vulnerability occurs because telnetd improperly passes client-controlled environment variables to login(1). By manipulating the CREDENTIALS_DIRECTORY variable and placing a login.noauth file within it, an attacker can bypass authentication and obtain a root shell without a password.
## Exploit Flow
1. Directory Control: Create a malicious directory containing login.noauth.
2. Environment Injection: Inject CREDENTIALS_DIRECTORY via Telnet NEW-ENVIRON option.
3. Privilege Escalation: login(1) grants root access based on the untrusted directory configuration.
## Usage
Ensure you have local access and the telnetd service is running.
```bash
python3 cve-2026-28372.py --target 127.0.0.1