An often-overlooked threat vector is once again in the spotlight as threat actors take advantage of a critical vulnerability that impacts hundreds of thousands of telnet servers. A critical authentication bypass vulnerability in the GNU InetUtils telnetd server was added to the US Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerability (KEV) catalog on Monday.
The vulnerability, known as CVE-2026-24061, has been present in the open source program for over ten years and could grant attackers total control over a device if it is exploited. In his January 20 disclosure on SecList.org, security researcher Simon Josefsson wrote, "If you are tired of modern age vulnerabilities, and remember the good old times on bugtraq, I hope you will appreciate this one."
Citing Forescout's "Project Memoria" study on overlooked TCP/IP vulnerabilities, dos Santos states, "Our prior experience with this type of supply chain vulnerability shows that this can take years."

## Is It Time to Retire Telnet?

Even though telnet is an outdated protocol, penetration tester Shivam Bathla stated in a Medium post that he has seen numerous examples of exposed telnet ports in systems and automobiles during pen-test engagements, demonstrating that the protocol is "not a thing of the past but very relevant" to the current threat landscape.
"And I have to admit, the ease with which this vulnerability could be exploited astounded me," Bathla wrote.
According to dos Santos, telnet is still used by 4% of all connected devices that Forescout monitors.











