Ethical Hacking News
A critical security flaw has been discovered in GNU InetUtils telnetd that allows an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0 and is expected to be patched by April 1, 2026.
A critical security flaw (CVE-2026-32746) has been disclosed in the Telnet service implementation through version 2.7, allowing arbitrary code execution with elevated privileges.The vulnerability can be triggered by sending a specially crafted message during the initial connection handshake and affects all versions of the Telnet service up to 2.7.The flaw allows an attacker to execute remote code execution as root without requiring any authentication or user interaction, posing significant security implications.A fix is expected to be available by April 1, 2026, and mitigation measures include disabling the service, running it without root privileges, blocking port 23, and isolating access.This vulnerability is not an isolated incident, with a similar critical security flaw discovered two months ago (CVE-2026-24061) that has been exploited in the wild.
A critical security flaw has been disclosed by Israeli cybersecurity firm Dream, which could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0 and has been described as a case of out-of-bounds write in the LINEMODE Set Local Characters (SLC) suboption handler that results in a buffer overflow, ultimately paving the way for code execution.
The vulnerability affects all versions of the Telnet service implementation through version 2.7, according to Dream. A fix for the vulnerability is expected to be available no later than April 1, 2026. The Israeli cybersecurity firm highlighted that the flaw can be triggered by sending a specially crafted message during the initial connection handshake — before any login prompt appears.
This vulnerability has significant implications as it allows an attacker to execute remote code execution as root without requiring any authentication or user interaction. A single network connection to port 23 is sufficient to trigger the vulnerability, and no credentials or special network position are required. This means that even if telnetd runs with root privileges, a successful exploit could result in complete system compromise, opening the door to various post-exploitation actions such as deploying persistent backdoors, data exfiltration, and lateral movement by using compromised hosts as pivot points.
The vulnerability has been described by Dream security researcher Adiel Sol as follows: "An unauthenticated attacker can trigger it by connecting to port 23 and sending a crafted SLC suboption with many triplets. No login is required; the bug is hit during option negotiation, before the login prompt. The overflow corrupts memory and can be turned into arbitrary writes. In practice, this can lead to remote code execution. Because telnetd usually runs as root (e.g., under inetd or xinetd), a successful exploit would give the attacker full control of the system."
To mitigate the risk associated with this vulnerability, Dream recommends several measures. Firstly, disabling the service if it is not necessary can help prevent exploitation. Secondly, running telnetd without root privileges where required can limit the impact of an exploit. Thirdly, blocking port 23 at both the network perimeter and host-based firewall level can restrict access to the vulnerable service. Finally, isolating Telnet access can further reduce the risk.
This vulnerability is not an isolated incident in the GNU InetUtils telnetd family of vulnerabilities. A similar critical security flaw was disclosed two months ago (CVE-2026-24061) that could be leveraged to gain root access to a target system. The vulnerability has since come under active exploitation in the wild, according to the U.S. Cybersecurity and Infrastructure Security Agency.
The discovery of this vulnerability highlights the importance of keeping software up-to-date and applying patches as soon as they become available. It also underscores the need for organizations to implement robust security controls to prevent exploitation of vulnerabilities.
In conclusion, the critical vulnerability in GNU InetUtils telnetd is a significant security concern that requires immediate attention from system administrators and organizations with exposed Telnet services. By following best practices such as disabling the service when not needed, running it without root privileges, blocking port 23, isolating access, and applying patches, organizations can minimize their exposure to this vulnerability.
Related Information:
https://www.ethicalhackingnews.com/articles/Critical-Vulnerability-in-GNU-InetUtils-Telnetd-Flawed-by-Israeli-Cybersecurity-Firm-Dream-ehn.shtml
Published: Wed Mar 18 02:01:42 2026 by llama3.2 3B Q4_K_M
