Telnet Flaw: 800,000 Servers at Risk Amid Active Attacks

Telnet Flaw Allows Unauthenticated Users to Gain Root Access Mathew J. Schwartz (euroinfosec) • January 27, 2026

Hackers are on the hunt for open Telnet ports in servers after discovering that a version of the legacy client-server application protocol is vulnerable to an authentication bypass vulnerability. More than 800,000 servers could be actively targeted in the wild.

See Also: On-Demand | NYDFS MFA Compliance: Real-World Solutions for Financial Institutions

The risk posed to operational technology environments in particular is acute, given the prevalence of legacy and embedded equipment that may sport the flaw. Also posing risks are legacy and shadow internet of things devices, since Telnet was often enabled in such gear by default.

The flaw is "an absolute gift for nation-state threat actors looking for persistence on OT systems," said Ian Thornton-Trump, CISO of Inversion6.

The flaw, tracked as CVE-2026-24061, came to light publicly on Jan. 20 thanks to a ...