Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE

A critical out-of-bounds write in the LINEMODE Set Local Characters (SLC) handler of the GNU InetUtils telnet daemon (telnetd), tracked as CVE-2026-32746 with a CVSS score of 9.8, can be exploited by an unauthenticated remote attacker to achieve root code execution during the initial Telnet handshake. Dream disclosed the flaw, which affects all telnetd versions through 2.7, and advised disabling Telnet, running telnetd without root, and blocking port 23 until a patch is available.

Key points

  • An out-of-bounds write in the LINEMODE SLC handler of telnetd enables a buffer overflow and arbitrary code execution.
  • The vulnerability is tracked as CVE-2026-32746 with a CVSS score of 9.8 and affects GNU InetUtils telnetd through version 2.7.
  • An unauthenticated attacker can exploit the flaw during the Telnet option negotiation by sending a crafted SLC suboption to port 23.
  • Successful exploitation can grant root privileges, allowing backdoors, data exfiltration, and lateral movement.
  • Recommended mitigations include disabling Telnet, running telnetd without root, blocking port 23, and isolating Telnet access until a fix is released.
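
The SLC suboption named above travels on the wire as IAC SB LINEMODE LM_SLC followed by three-byte triplets (RFC 854, RFC 1184). As an added example, not code from the advisory or from GNU InetUtils, this parser inventories those suboptions in captured client-to-server bytes so they can be logged or alerted on. The `suspicious` heuristic, its threshold and the sample bytes are constructed assumptions, since the page does not describe the malformed input.

```python
IAC, SB, SE = 255, 250, 240   # RFC 854 command bytes
LINEMODE, LM_SLC = 34, 3      # RFC 1184 option and suboption codes
MAX_TRIPLETS = 30             # assumption: RFC 1184 defines SLC functions 1..30

# Constructed sample: IAC WILL LINEMODE, then one SLC suboption with three
# triplets; the last triplet's value 0xFF is escaped on the wire as IAC IAC.
SAMPLE = bytes([IAC, 251, LINEMODE, IAC, SB, LINEMODE, LM_SLC,
                3, 2, 3, 10, 2, 127, 8, 2, IAC, IAC, IAC, SE])


def slc_suboptions(stream: bytes):
    """Return one record per LINEMODE SLC suboption found in `stream`."""
    records, i, n = [], 0, len(stream)
    while i < n - 1:
        if stream[i] != IAC or stream[i + 1] != SB:
            nxt = stream[i + 1] if stream[i] == IAC else None
            # Step over IAC IAC (escaped 0xFF) and IAC WILL/WONT/DO/DONT <opt>.
            i += 2 if nxt == IAC else 3 if nxt in (251, 252, 253, 254) else 1
            continue
        body, j, closed = bytearray(), i + 2, False
        while j < n:
            if stream[j] == IAC and j + 1 < n:
                if stream[j + 1] == SE:      # IAC SE ends the subnegotiation
                    closed = True
                    break
                if stream[j + 1] == IAC:     # IAC IAC is one 0xFF data byte
                    body.append(IAC)
                    j += 2
                    continue
            body.append(stream[j])
            j += 1
        if len(body) >= 2 and body[0] == LINEMODE and body[1] == LM_SLC:
            data = bytes(body[2:])
            records.append({
                "offset": i,                     # where IAC SB starts
                "triplets": len(data) // 3,      # (function, flags, value) groups
                "ragged": len(data) % 3 != 0,    # leftover bytes, not whole triplets
                "unterminated": not closed,      # stream ended before IAC SE
            })
        i = j + 2 if closed else n
    return records


def suspicious(rec, max_triplets=MAX_TRIPLETS):
    """Assumed heuristic: structure a well-formed RFC 1184 client does not send."""
    return rec["ragged"] or rec["unterminated"] or rec["triplets"] > max_triplets
```

Feed it the reassembled client side of a port 23 session; any record at all is also worth noting on hosts where Telnet is supposed to be disabled.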

Read More: https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html