CVE-2026-24061 - Telnet version vulnerability with CA API Gateway

Article ID: 434092

Products

CA API Gateway

Issue/Introduction

It has been reported by our scan that there is a vulnerability with the current version of telnet installed:

Remote package installed : inetutils-telnet_2:2.4-2+deb12u1

should be : inetutils-telnet_2:2.4-2+deb12u2

Remote Package installed :  telnet_0.17-42

should be : telnet_2:2.4-2+deb12u2

We are currently at the following and installed the support pack:

Layer7_API_Gateway_Debian_MPP_v11.1-2026-01-26

Layer7_API_Gateway_SupportPack_Debian_v11.1-2026-01-26

Please let us know if there is an available patch that will remediate CVE-2026-24061

Environment

CA API Gateway 11.1

Debian 

Cause

The installed telnet packages, telnet_0.17-42 and inetutils-telnet_2:2.4-2+deb12u1_amd64.deb, are vulnerable to CVE-2026-24061.

Resolution

inetutils-telnet 2:2.4-2+deb12u2 fixes the CVE-2026-24061 vulnerability and is included in the February Support Pack, Layer7_API_Gateway_SupportPack_Debian_v11.1-2026-02-22.

1. Check which telnet versions are installed:

dpkg -l | grep telnet

2. Try the following command:

sudo apt purge '*telnet*'

3. If the above command fails, you will be prompted to run:

apt --fix-broken install

4. Run the purge again:

sudo apt purge '*telnet*'

This purges all telnet versions from the system.

5. Check the installed versions again and confirm that no results are displayed:

dpkg -l | grep telnet

dpkg -l | grep inetutils-telnet

dpkg -s telnet | grep '^Version:'

6. Install the Support Pack as normal, then check the version again and confirm that only inetutils-telnet is installed:

dpkg -l | grep telnet

The output should show only the expected package, i.e.:
ii  inetutils-telnet  2:2.4-2+deb12u2  amd64   telnet client
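
The checks in steps 1, 5 and 6 can be scripted so the result is a pass/fail exit code rather than a visual inspection. This is an added example, not part of the original article or Broadcom's tooling; the function names and sample lines are constructed, and it assumes dpkg is available for the version comparison.

```shell
#!/bin/sh
# Added example (not Broadcom tooling). Needs dpkg for the version comparison.
FIXED_VERSION='2:2.4-2+deb12u2'   # fixed inetutils-telnet version named in this article

# Constructed sample input in "STATUS PACKAGE VERSION" form, using the article's versions.
SAMPLE_BEFORE='ii inetutils-telnet 2:2.4-2+deb12u1
ii telnet 0.17-42'
SAMPLE_AFTER='ii inetutils-telnet 2:2.4-2+deb12u2
rc telnet 0.17-42'

# classify_pkg STATUS PACKAGE VERSION -> prints removed|unexpected|fixed|vulnerable
classify_pkg() {
    case $1 in
        ?c*|?n*) echo removed; return 0 ;;   # config files only / not installed
    esac
    if [ "$2" != inetutils-telnet ]; then
        echo unexpected                       # step 6 expects only inetutils-telnet
    elif dpkg --compare-versions "$3" ge "$FIXED_VERSION"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# audit_telnet: reads package lines on stdin, prints a verdict per telnet package,
# and returns non-zero if any is unexpected or below FIXED_VERSION.
audit_telnet() {
    rc=0
    while read -r status pkg ver; do
        case $pkg in *telnet*) ;; *) continue ;; esac
        verdict=$(classify_pkg "$status" "$pkg" "$ver")
        printf '%-11s %-18s %s\n' "$verdict" "$pkg" "$ver"
        case $verdict in unexpected|vulnerable) rc=1 ;; esac
    done
    return "$rc"
}

# Demo on the constructed samples. On a gateway node, feed live data instead:
#   dpkg-query -W -f='${db:Status-Abbrev} ${Package} ${Version}\n' | audit_telnet
printf '%s\n' "$SAMPLE_BEFORE" | audit_telnet || echo "=> remediation needed"
printf '%s\n' "$SAMPLE_AFTER" | audit_telnet && echo "=> clean" || echo "=> remediation needed"
```

An `rc` status means the package was removed but not purged; it is reported as `removed` and does not fail the audit, since only configuration files remain.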

Additional Information

Note: "Installing the L7P Patch doesn't install the RPMs directly, so once you install the patch through the ssg menu you will then need to install the RPMs individually found in the /opt/SecureSpan/Support/PATCH_NAME directory."

Please follow this KB article for 11.x Gateway versions to properly install the binary needed:

https://knowledge.broadcom.com/external/article?articleNumber=261304

In summary:

1. After installing the patch from the Gateway ssg menu, go to this folder on your Gateway Linux server:

/opt/SecureSpan/Support/ 

- In that folder you will find another folder called: Layer7_API_Gateway_SupportPack_Debian_v11.1-2026-02-22

2. cd into Layer7_API_Gateway_SupportPack_Debian_v11.1-2026-02-22 and run the installer for that support pack:

install-support-pack.sh

Where to download the patches:

CA API Gateway Solutions Patches

Download the file called: Layer7_API_Gateway_Debian_MPP_v11.1-2026-02-22.zip