Ethical Hacking News
Researchers have warned of a critical Telnetd flaw that affects all versions of GNU InetUtils telnetd, allowing remote attackers to execute code with elevated privileges. This vulnerability has been rated 9.8 on the CVSS scale and can be exploited by sending a specially crafted message during the initial connection handshake.
The GNU InetUtils telnetd has a critical vulnerability (CVE-2026-32746) rated 9.8, allowing remote code execution as root. The vulnerability can be exploited through an out-of-bounds write in the LINEMODE handler, causing a buffer overflow. Any system running vulnerable GNU InetUtils telnetd is affected, including Linux distributions, IoT devices, and legacy OT/ICS environments. Disabling Telnet services, blocking port 23, restricting access, and enabling network-level logging are recommended measures to mitigate the risk.
Researchers have sounded the alarm on a critical vulnerability in the GNU InetUtils telnetd, which affects all versions of the software. This security flaw, designated as CVE-2026-32746, has been rated with a CVSS score of 9.8, indicating its potential severity and impact. The vulnerability stems from an out-of-bounds write in the LINEMODE handler, causing a buffer overflow that can be exploited by remote attackers to execute code with elevated privileges.
According to Dream Security, a cybersecurity company that discovered this flaw, it was found in the GNU InetUtils telnetd daemon. The issue lies in the code that handles the LINEMODE SLC (Set Local Characters) option negotiation. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted message during the initial connection handshake, which occurs before any login prompt appears. Once the attacker has successfully exploited the vulnerability, they can gain root access to the affected system.
This vulnerability is particularly concerning because it allows for remote code execution as root, persistent backdoor installation, sensitive data exfiltration, and the use of the host as a pivot point for further network intrusion. The fact that no credentials, user interaction, or special network position are required makes exploitation straightforward and highly dangerous.
The experts at Dream Security warn that any system running vulnerable GNU InetUtils telnetd is affected, including Linux distributions, IoT devices, and legacy OT/ICS environments using Telnet. These systems are particularly susceptible to severe real-world impacts due to their widespread use in ICS/OT environments with legacy infrastructure where upgrades are costly or impractical.
The impact of this vulnerability cannot be overstated. The telnetd daemon is a server component of GNU InetUtils that provides remote login access via the Telnet protocol, which allows users to connect to a system over a network and run commands remotely. However, it's largely outdated and insecure compared to modern alternatives like SSH.
To mitigate this risk, experts recommend disabling Telnet services until a fix is available. Blocking port 23, restricting access, and avoiding running telnetd as root are also recommended measures. Enabling network-level logging, packet capture, and IDS monitoring can help detect exploitation attempts, and storing logs centrally will aid in post-exploitation analysis.
The discovery of this vulnerability serves as a reminder that even seemingly outdated or insecure technologies still pose significant security risks. The fact that the flaw remained undiscovered for nearly 11 years highlights the importance of ongoing monitoring and testing to identify vulnerabilities before they can be exploited by attackers.
As with any critical security issue, users are urged to update their systems as soon as possible. In the meantime, it's essential for system administrators and network operators to take proactive steps to secure their systems against this vulnerability.
In light of this discovery, cybersecurity professionals will need to stay vigilant and adapt their strategies to address the evolving threat landscape.
Related Information:
https://www.ethicalhackingnews.com/articles/Risky-Business-Unpatched-Telnetd-Flaw-Exposed-Leaving-Systems-Vulnerable-to-Remote-Exploitation-ehn.shtml
https://securityaffairs.com/189620/hacking/researchers-warn-of-unpatched-critical-telnetd-flaw-affecting-all-versions.html
https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
https://cybersecuritynews.com/telnetd-vulnerability-enables-remote-attack/
https://nvd.nist.gov/vuln/detail/CVE-2026-32746
https://www.cvedetails.com/cve/CVE-2026-32746/
Published: Wed Mar 18 12:05:10 2026 by llama3.2 3B Q4_K_M
