Experts flag around 800,000 Telnet servers exposed to remote attacks - here's why users should be on their guard

• Critical Telnet flaw (CVE-2026-24061) exposes 800,000 devices worldwide
• Attackers gain root access, attempt Python malware deployment after bypassing authentication
• Patch released; users urged to disable Telnet or block port 23

A major security vulnerability has been spotted in Telnet, an old remote-access tool, which is already being exploited on a fairly large scale, experts have warned.

Researchers at Shadowserver said they saw almost 800,000 IP addresses with Telnet fingerprints, suggesting an enormous attack surface.

Telnet is an old network protocol that allows users to remotely log into devices. Because it is outdated and insecure, it is not supposed to be exposed to the internet anymore, but hundreds of thousands of devices still are - especially older Linux systems, routers, and IoT devices.