H-ISAC TLP White Threat Bulletin Active Exploitations of an 11-Year-Old Critical Telnetd Vulnerability (CVE-2026-24061)

On January 19, 2026, a security researcher, Kyu Neushwaistein (a.k.a. Carlos Cortes Alvarez), reported an 11-year-old critical vulnerability in telnetd, tracked as CVE-2026-24061.

The vulnerability, with a CVSS score of 9.8, is an authentication bypass flaw that allows root access via Telnet. It has been discovered to be actively weaponized by actors like 'rwxrwx'.

Therefore, healthcare providers must disable Telnet (especially if not in use), update to v2.7-2+, or isolate unpatchable equipment via strict network segmentation to prevent any malicious payloads and data theft.

Health-ISAC provides this information to increase situational awareness and encourage organizations to assess their level of risk to this vulnerability.

View the detailed bulletin below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Advisory
House Passes Appropriations Package for Health Care Funding, Extends Key AHA-supported Health Care Provisions
Member
Advancing Health Podcast
Cybersecurity on the Health Care Front Lines Against AI and Ransomware
Letter/Comment
AHA Support for Senate Rural Hospital Cybersecurity Enhancement Act
Public
Special Bulletin
Senate Deal Reached to End Government Shutdown
Member
Guides and Reports
Strategies for Cyber Preparedness in Health Care
Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public