> Telnet nowadays typically isn’t available by default for security reasons

And with good reason. This CVE is from yesterday:

https://nvd.nist.gov/vuln/detail/CVE-2026-24061

> telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Telnetd is the server though, and OP wouldn’t be using that.