Share
## https://sploitus.com/exploit?id=EFBFC387-BC76-565F-831A-FA80FDE3850F
# CVE-2026-24061 Proof of Concept (PoC)

## โš ๏ธ DISCLAIMER: EDUCATIONAL PURPOSES ONLY โš ๏ธ

**This repository contains a Proof-of-Concept (PoC) exploit for CVE-2026-24061. It is intended strictly for educational purposes and for testing systems in a controlled lab environment.**

The author takes no responsibility for any misuse of this code.

---

## About CVE-2026-24061

This vulnerability affects `inetutils-telnetd` and allows an unauthenticated remote attacker to gain root privileges by manipulating the `USER` environment variable.

For a detailed analysis, please refer to the following research:
[Safebreach Labs Root Cause Analysis](https://humble-raptor-f30.notion.site/Red-62-CVE-2026-24061-Telnetd-2f54c8e5237680198255ec4a8af371d3?source=copy_link)

## Setting up the Vulnerable Environment

A Docker image has been prepared to safely simulate the vulnerable environment.

**Run the vulnerable container:**
```bash
docker run -d -p 23:23 --name vulnerable-telnetd joshbeck2024/ctf-cve-2026-24061-telnetd
```

*Note: This binds the vulnerable service to port 23 on your host. Ensure you are on a isolated network.*

## Usage

1. **Edit the exploit script:**
   Update `exploit.py` with the target IP address.
   ```python
   exploit("TARGET_IP", 23)
   ```

2. **Run the exploit:**
   ```bash
   python3 exploit.py
   ```

3. **Result:**
   If successful, the script will establish a reverse shell connection to the listener you configure within the script (or print the flag if using the default check).

---
*Stay Ethical. Stay Safe.*