{"id":225007,"date":"2026-03-18T11:39:00","date_gmt":"2026-03-18T15:39:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/18\/researchers-warn-of-unpatched-critical-telnetd-flaw-affecting-all-versions\/"},"modified":"2026-03-18T12:30:12","modified_gmt":"2026-03-18T16:30:12","slug":"researchers-warn-of-unpatched-critical-telnetd-flaw-affecting-all-versions","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/18\/researchers-warn-of-unpatched-critical-telnetd-flaw-affecting-all-versions\/","title":{"rendered":"Researchers warn of unpatched, critical Telnetd flaw affecting all versions"},"content":{"rendered":"

Researchers warn of unpatched, critical Telnetd flaw affecting all versions<\/a><\/p>\n

https:\/\/securityaffairs.com\/189620\/hacking\/researchers-warn-of-unpatched-critical-telnetd-flaw-affecting-all-versions.html<\/a><\/p>\n

Publish Date: 2026-03-18 11:39:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

Researchers warn of unpatched, critical Telnetd flaw affecting all versions<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ March 18, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

CVE-2026-32746 is a critical flaw in GNU InetUtils telnetd that allows remote attackers to execute code with elevated privileges <\/h2>\n

Cybersecurity company Dream disclosed a critical flaw, tracked as CVE-2026-32746 (CVSS score of 9.8), in GNU InetUtils telnetd that lets unauthenticated remote attackers execute code with elevated privileges. The issue stems from an out-of-bounds write in the LINEMODE handler, causing a buffer overflow. <\/p>\n

The flaw affects all versions up to 2.7. A patch is expected by April 1, 2026, and users are urged to update as soon as it becomes available.<\/p>\n

GNU InetUtils telnetd is a server component of GNU InetUtils that provides remote login access via the Telnet protocol. It allows users to connect to a system over a network and run commands remotely, though it\u2019s largely outdated and insecure compared to modern alternatives like SSH.<\/p>\n

\u201cDream Security uncovered a new buffer overflow vulnerability (CVE-2026-32746) in the GNU Inetutils\u00a0telnetd\u00a0daemon,\u00a0specifically in the\u00a0code that handles LINEMODE SLC\u00a0(Set Local Characters) option negotiation.\u201d reads the report published by Dream Security. \u201cAn\u00a0unauthenticated remote attacker\u00a0can exploit this by sending a specially crafted message during the initial connection handshake \u2014 before any login prompt appears.\u00a0Successful exploitation can result in remote code execution as root. An initial\u00a0report\u00a0was sent to the GNU Inetutils security team following the discovery.\u201d<\/p>\n

The experts warn of the trivial exploitation of this issue, which can lead to complete system compromise.<\/p>\n

Any system running vulnerable GNU Inetutils telnetd is affected, including Linux distributions, IoT devices, and legacy OT\/ICS environments using Telnet. The flaw can be triggered remotely during the initial connection by sending…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Researchers warn of unpatched, critical Telnetd flaw affecting all versions https:\/\/securityaffairs.com\/189620\/hacking\/researchers-warn-of-unpatched-critical-telnetd-flaw-affecting-all-versions.html Publish Date: 2026-03-18 11:39:00…<\/p>\n","protected":false},"author":1,"featured_media":225008,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2016\/01\/linux-malware.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,32,27],"class_list":["post-225007","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225007"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=225007"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225007\/revisions"}],"predecessor-version":[{"id":225009,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225007\/revisions\/225009"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/225008"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=225007"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=225007"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=225007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}