Security researchers have disclosed a critical vulnerability in the GNU InetUtils telnet daemon (telnetd) that allows unauthenticated remote attackers to execute arbitrary code with elevated privileges. The flaw is tracked as CVE-2026-32746 and carries a CVSS score of 9.8.
Understanding the Vulnerability
The issue is an out-of-bounds write in the LINEMODE Set Local Characters (SLC) suboption handler that results in a buffer overflow. The overflow could lead to arbitrary code execution, which makes it a critical risk to affected systems.
Israeli cybersecurity firm Dream, which identified and reported the issue on March 11, 2026, stated that all versions of the Telnet service up to 2.7 are impacted. A patch is anticipated by April 1, 2026, to address this vulnerability.
Potential Impact and Exploitation
The flaw can be exploited during the initial connection handshake, before any login prompt appears, allowing attackers to execute code remotely as root. This is achieved by sending a specially crafted message to port 23. It requires no credentials and no user interaction.
Dream explains that the vulnerability is triggered during option negotiation in the Telnet protocol handshake, so an attacker can exploit it immediately after connecting by sending crafted protocol messages. Successful exploitation could lead to complete system compromise, enabling malicious activity such as installing persistent backdoors, data theft, and lateral movement from the compromised system.
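The following is an added example, not code from Dream or GNU InetUtils: a Python audit of a captured client-to-server Telnet byte stream that reports LINEMODE SLC suboptions seen during option negotiation. The protocol constants come from RFC 854 and RFC 1184; the function names, the constructed sample bytes and the flagging rule (more triplets than the 18 SLC functions RFC 1184 defines, or a length that is not a multiple of three) are assumptions, not indicators published for CVE-2026-32746.

```python
# Telnet constants (RFC 854 / RFC 1184).
IAC, SB, SE = 255, 250, 240
WILL, DONT = 251, 254            # WILL, WONT, DO, DONT occupy 251..254
LINEMODE, LM_SLC = 34, 3
RFC1184_SLC_FUNCTIONS = 18       # SLC_SYNCH .. SLC_FORW2

def iter_suboptions(stream: bytes):
    """Yield (option, payload) for each IAC SB ... IAC SE block, unescaping IAC IAC."""
    i, n = 0, len(stream)
    while i < n - 2:
        if stream[i] == IAC and stream[i + 1] == SB:
            option, j, payload = stream[i + 2], i + 3, bytearray()
            while j < n - 1:
                if stream[j] == IAC and stream[j + 1] == SE:
                    yield option, bytes(payload)
                    break
                if stream[j] == IAC and stream[j + 1] == IAC:
                    payload.append(IAC)   # escaped 0xFF data byte
                    j += 2
                    continue
                payload.append(stream[j])
                j += 1
            i = j + 2                     # unterminated blocks end the scan
        elif stream[i] == IAC and WILL <= stream[i + 1] <= DONT:
            i += 3                        # IAC <verb> <option>
        elif stream[i] == IAC:
            i += 2                        # IAC IAC or a two-byte command
        else:
            i += 1

def audit_client_stream(stream: bytes, max_triplets: int = RFC1184_SLC_FUNCTIONS):
    """Report every LINEMODE SLC suboption; flag ones that exceed the assumed limits."""
    findings = []
    for option, payload in iter_suboptions(stream):
        if option != LINEMODE or not payload or payload[0] != LM_SLC:
            continue
        body = payload[1:]                # (function, modifiers, value) triplets
        triplets, ragged = len(body) // 3, len(body) % 3 != 0
        findings.append({"triplets": triplets, "ragged": ragged,
                         "suspicious": ragged or triplets > max_triplets})
    return findings

# Constructed samples: two well-formed triplets (one value is an escaped 0xFF),
# and a malformed suboption whose body is not a multiple of three bytes.
SAMPLE_OK = bytes([IAC, WILL, LINEMODE, IAC, SB, LINEMODE, LM_SLC,
                   3, 2, 3, 10, 2, IAC, IAC, IAC, SE])
SAMPLE_RAGGED = bytes([IAC, SB, LINEMODE, LM_SLC, 3, 2, 3, 10, IAC, SE])

if __name__ == "__main__":
    print(audit_client_stream(SAMPLE_OK), audit_client_stream(SAMPLE_RAGGED))
```

Because the suboption arrives before any login prompt, any finding from a source that has no business speaking Telnet to the host is worth reviewing regardless of the `suspicious` flag.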
Mitigation Strategies
Until a fix is available, security experts advise disabling Telnet services where they are not essential, running telnetd without root privileges, blocking port 23 at the network perimeter, and using firewall rules to limit access. Isolating Telnet access is also recommended to reduce exposure.
This disclosure follows another critical vulnerability in GNU InetUtils telnetd (CVE-2026-24061) reported two months prior, which has been actively exploited, according to the U.S. Cybersecurity and Infrastructure Security Agency. The recurrence of such vulnerabilities highlights the need for vigilant security practices and timely updates.
