Researchers warn of unpatched, critical Telnetd flaw affecting all versions
Researchers warn of unpatched, critical Telnetd flaw affecting all versions
Publish Date: 2026-03-18 11:39:00
Source Domain: securityaffairs.com
Researchers warn of unpatched, critical Telnetd flaw affecting all versions
Pierluigi Paganini
March 18, 2026
CVE-2026-32746 is a critical flaw in GNU InetUtils telnetd that allows remote attackers to execute code with elevated privileges
Cybersecurity company Dream disclosed a critical flaw, tracked as CVE-2026-32746 (CVSS score of 9.8), in GNU InetUtils telnetd that lets unauthenticated remote attackers execute code with elevated privileges. The issue stems from an out-of-bounds write in the LINEMODE handler, causing a buffer overflow.
The flaw affects all versions up to 2.7. A patch is expected by April 1, 2026, and users are urged to update as soon as it becomes available.
GNU InetUtils telnetd is a server component of GNU InetUtils that provides remote login access via the Telnet protocol. It allows users to connect to a system over a network and run commands remotely, though it’s largely outdated and insecure compared to modern alternatives like SSH.
“Dream Security uncovered a new buffer overflow vulnerability (CVE-2026-32746) in the GNU Inetutils telnetd daemon, specifically in the code that handles LINEMODE SLC (Set Local Characters) option negotiation.” reads the report published by Dream Security. “An unauthenticated remote attacker can exploit this by sending a specially crafted message during the initial connection handshake — before any login prompt appears. Successful exploitation can result in remote code execution as root. An initial report was sent to the GNU Inetutils security team following the discovery.”
The experts warn of the trivial exploitation of this issue, which can lead to complete system compromise.
Any system running vulnerable GNU Inetutils telnetd is affected, including Linux distributions, IoT devices, and legacy OT/ICS environments using Telnet. The flaw can be triggered remotely during the initial connection by sending…
