Nearly 800,000 Telnet Servers Left Exposed as Hackers Exploit Critical Security Flaw

A newly patched vulnerability is being actively abused, putting thousands of legacy and IoT systems at risk worldwide.

Security researchers have raised fresh alarms after discovering that nearly 800,000 internet-exposed Telnet servers remain vulnerable to remote attacks. The warning comes as hackers begin exploiting a serious flaw in the widely used GNU InetUtils Telnet service, exposing outdated systems across the globe.

The vulnerability, tracked as CVE-2026-24061, affects GNU InetUtils versions released as far back as 2015 and was only fixed last week. The flaw allows attackers to log in as the system’s most powerful user root without needing a password, effectively handing over full control of affected machines.

According to the Shadowserver Foundation, which monitors global internet threats, hundreds of thousands of exposed Telnet servers have been detected, with the highest concentrations in Asia, South America and Europe. Many of these systems are believed to be older servers or internet-connected devices that have not received security updates in years.

Cybersecurity firm GreyNoise confirmed that attackers began exploiting the flaw almost immediately after the patch was released. Some attacks appear automated, while others show signs of manual control. In most cases, attackers attempted to gain root access and deploy malware, though many of these efforts failed due to missing system components.

Experts warn that Telnet should never be exposed to the public internet, especially on legacy or IoT devices where it is often left enabled by default. Because these systems can run unchanged for over a decade, they are especially attractive targets.

Security professionals strongly advise system administrators to update to the latest version, disable Telnet entirely, or block access to port 23 until systems can be secured. Without swift action, vulnerable devices could quickly become part of larger cyberattacks.