## https://sploitus.com/exploit?id=EFBFC387-BC76-565F-831A-FA80FDE3850F
# CVE-2026-24061 Proof of Concept (PoC)
## โ ๏ธ DISCLAIMER: EDUCATIONAL PURPOSES ONLY โ ๏ธ
**This repository contains a Proof-of-Concept (PoC) exploit for CVE-2026-24061. It is intended strictly for educational purposes and for testing systems in a controlled lab environment.**
The author takes no responsibility for any misuse of this code.
---
## About CVE-2026-24061
This vulnerability affects `inetutils-telnetd` and allows an unauthenticated remote attacker to gain root privileges by manipulating the `USER` environment variable.
For a detailed analysis, please refer to the following research:
[Safebreach Labs Root Cause Analysis](https://humble-raptor-f30.notion.site/Red-62-CVE-2026-24061-Telnetd-2f54c8e5237680198255ec4a8af371d3?source=copy_link)
## Setting up the Vulnerable Environment
A Docker image has been prepared to safely simulate the vulnerable environment.
**Run the vulnerable container:**
```bash
docker run -d -p 23:23 --name vulnerable-telnetd joshbeck2024/ctf-cve-2026-24061-telnetd
```
*Note: This binds the vulnerable service to port 23 on your host. Ensure you are on a isolated network.*
## Usage
1. **Edit the exploit script:**
Update `exploit.py` with the target IP address.
```python
exploit("TARGET_IP", 23)
```
2. **Run the exploit:**
```bash
python3 exploit.py
```
3. **Result:**
If successful, the script will establish a reverse shell connection to the listener you configure within the script (or print the flag if using the default check).
---
*Stay Ethical. Stay Safe.*