CVE-2026-28372

Exploitation Summary

EIP tracks 6 public exploits for CVE-2026-28372. PoCs published by XiaomingX, exploitintel, Rohitberiwala.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-28372, which leverages environment variable injection (CREDENTIALS_DIRECTORY) and a crafted login.noauth file to bypass authentication in GNU inetutils telnetd, leading to local privilege escalation to root.

Description

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

Exploits (6)

github WORKING POC 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-28372

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2026-28372, which leverages environment variable injection (CREDENTIALS_DIRECTORY) and a crafted login.noauth file to bypass authentication in GNU inetutils telnetd, leading to local privilege escalation to root.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: GNU inetutils telnetd <= 2.7

No auth needed

Prerequisites: local file write access · telnetd running and accepting connections · util-linux >= 2.40 supporting login.noauth

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Mar 02, 2026 Full analysis →

github WORKING POC 1 stars

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2026-28372

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2026-28372, a local privilege escalation vulnerability in GNU inetutils telnetd < 2.7. The exploit leverages the Telnet NEW_ENVIRON option to inject the CREDENTIALS_DIRECTORY environment variable, bypassing authentication in util-linux login(1) >= 2.40.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: GNU inetutils telnetd < 2.7 with util-linux >= 2.40

No auth needed

Prerequisites: Local access to a vulnerable system · GNU inetutils telnetd < 2.7 · util-linux >= 2.40

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Mar 02, 2026 Full analysis →

nomisec WORKING POC

by Rohitberiwala · poc

https://github.com/Rohitberiwala/CVE-2026-28372-telnetd-Privilege-Escalation

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2026-28372, a local privilege escalation vulnerability in GNU inetutils telnetd. The exploit manipulates the CREDENTIALS_DIRECTORY environment variable to bypass authentication via a login.noauth file, granting root access.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: GNU inetutils telnetd ≤ 2.7

No auth needed

Prerequisites: telnetd service running · Python 3 installed · util-linux supporting login.noauth

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Mar 10, 2026 Full analysis →

nomisec WORKING POC

by Rohitberiwala · poc

https://github.com/Rohitberiwala/CVE-2026-28372

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2026-28372, a local privilege escalation vulnerability in GNU inetutils telnetd. The exploit manipulates the CREDENTIALS_DIRECTORY environment variable to bypass authentication and obtain a root shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: GNU inetutils telnetd ≤ 2.7

No auth needed

Prerequisites: telnetd service running · Python 3 installed · util-linux supporting login.noauth

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Mar 07, 2026 Full analysis →

nomisec WORKING POC

by kalibb · poc

https://github.com/kalibb/CVE-2026-28372-GNU-inetutils-telnetd-Privilege-Escalation-main

View Code ZIP pw:eip

The repository contains a functional Python exploit for CVE-2026-28372, which leverages environment variable injection (CREDENTIALS_DIRECTORY) and a crafted login.noauth file to bypass authentication in GNU inetutils telnetd, leading to local privilege escalation to root.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: GNU inetutils telnetd <= 2.7

No auth needed

Prerequisites: local file write access · telnetd running and accepting connections · util-linux >= 2.40 supporting login.noauth

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 28, 2026 Full analysis →

nomisec WORKING POC

by mbanyamer · poc

https://github.com/mbanyamer/CVE-2026-28372-GNU-inetutils-telnetd-Privilege-Escalation

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2026-28372, which leverages environment variable injection (CREDENTIALS_DIRECTORY) and a crafted login.noauth file to bypass authentication in GNU inetutils telnetd, leading to local privilege escalation to root.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: GNU inetutils telnetd <= 2.7

No auth needed

Prerequisites: Local file write access · telnetd running and accepting connections · util-linux >= 2.40

MITRE ATT&CK