
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Allows Unauthenticated Root RCE via Port 23

Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges.

The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in the LINEMODE Set Local Characters (SLC) suboption handler that results in a buffer overflow, ultimately paving the way for code execution.

Israeli cybersecurity firm Dream, which found and reported the flaw on March 11, 2026, said it affects all versions of the Telnet service implementation through 2.7. A fix for the vulnerability is expected to be available no later than April 1, 2026.

“An unauthenticated remote attacker can exploit this by sending a specially crafted message during the initial connection handshake — before any login prompt appears,” Dream said in an alert. “Successful exploitation can result in remote code execution as root.”


“A single network connection to port 23 is sufficient to trigger the vulnerability. No credentials, no user interaction, and no special network position are required.”

The SLC handler, per Dream, processes option negotiation during the Telnet protocol handshake. But given that the flaw can be triggered before authentication, an attacker can weaponize it immediately after establishing a connection by sending specially crafted protocol messages.

Successful exploitation could result in complete system compromise if telnetd runs with root privileges. This, in turn, could open the door to various post-exploitation actions, including the deployment of persistent backdoors, data exfiltration, and lateral movement by using the compromised hosts as pivot points.

“An unauthenticated attacker can trigger it by connecting to port 23 and sending a crafted SLC suboption with many triplets,” according to Dream security researcher Adiel Sol.

“No login is required; the bug is hit during option negotiation, before the login prompt. The overflow corrupts memory and can be turned into arbitrary writes. In practice, this can lead to remote code execution. Because telnetd usually runs as root (e.g., under inetd or xinetd), a successful exploit would give the attacker full control of the system.”
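For defenders watching Telnet traffic until a fix ships, the sketch below (an added example, not code from Dream or GNU InetUtils) parses a client-to-server byte stream and flags LINEMODE SLC suboptions that are malformed or carry more triplets than expected. The limit of 30 is an assumption taken from the NSLC constant in arpa/telnet.h, since the overflow threshold is not stated here; the function names and sample bytes are constructed for illustration.

```python
# Added example: detection logic for unusual Telnet LINEMODE SLC suboptions.
IAC, SB, SE = 255, 250, 240   # Telnet command bytes (RFC 854/855)
LINEMODE, LM_SLC = 34, 3      # LINEMODE option and its SLC suboption (RFC 1184)
MAX_TRIPLETS = 30             # assumption: NSLC in arpa/telnet.h, one triplet per function


def slc_suboptions(stream: bytes):
    """Yield (offset, triplet_count, well_formed) per LINEMODE SLC suboption."""
    i, n = 0, len(stream)
    while i + 1 < n:
        if stream[i] != IAC:
            i += 1
            continue
        if stream[i + 1] != SB:
            # WILL/WONT/DO/DONT (251-254) carry an option byte; others are 2 bytes.
            i += 3 if 251 <= stream[i + 1] <= 254 else 2
            continue
        start, body, closed = i, bytearray(), False
        i += 2
        while i < n and not closed:
            if stream[i] == IAC and i + 1 < n and stream[i + 1] == SE:
                closed = True          # IAC SE ends the suboption
                i += 2
            elif stream[i] == IAC and i + 1 < n and stream[i + 1] == IAC:
                body.append(IAC)       # IAC IAC is one escaped 0xFF data byte
                i += 2
            else:
                body.append(stream[i])
                i += 1
        if body[:2] == bytes([LINEMODE, LM_SLC]):
            data = body[2:]            # (function, modifier, value) triplets
            yield start, len(data) // 3, closed and len(data) % 3 == 0


def alerts(stream: bytes, max_triplets: int = MAX_TRIPLETS):
    """Return (offset, triplet_count, reason) for suspicious SLC suboptions."""
    found = []
    for offset, count, well_formed in slc_suboptions(stream):
        if count > max_triplets:
            found.append((offset, count, "too many SLC triplets"))
        elif not well_formed:
            found.append((offset, count, "malformed SLC suboption"))
    return found


# Constructed sample (not captured traffic): WILL LINEMODE, then an SLC
# suboption with four triplets; the last value byte is an escaped 0xFF.
SAMPLE = bytes([IAC, 251, LINEMODE, IAC, SB, LINEMODE, LM_SLC,
                1, 0, 0, 3, 2, 3, 4, 2, 28, 8, 2, IAC, IAC, IAC, SE]) + b"user\r\n"
```

`alerts(SAMPLE)` returns an empty list at the default limit; calling it with `max_triplets=3` shows what a finding looks like without needing an oversized input.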


In the absence of a fix, it's advised to disable the service if it's not necessary, run telnetd without root privileges where required, block port 23 at the network perimeter and host-based firewall level to restrict access, and isolate Telnet access.

The disclosure comes nearly two months after another critical security flaw was disclosed in GNU InetUtils telnetd (CVE-2026-24061, CVSS score: 9.8) that could be leveraged to gain root access to a target system. The vulnerability has since come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency.
