Critical Telnetd Vulnerability (CVE-2026-32746) Exposes Legacy Systems to Remote Code Execution
A severe buffer overflow vulnerability (CVE-2026-32746) has been identified in the GNU InetUtils telnetd daemon, allowing unauthenticated attackers to execute arbitrary code with root privileges. The flaw, rated 9.8 (CVSS 3.1), was discovered by Dream Security Labs and affects all versions of the software up to 2.7.
The vulnerability stems from improper handling of LINEMODE SLC (Set Local Characters) option negotiation during the initial connection handshake. By sending a maliciously crafted message with an excessive triplet count over TCP port 23, attackers can trigger a buffer overflow before authentication occurs, meaning no credentials or user interaction are required. Since telnetd typically runs with root privileges, successful exploitation grants full system compromise, enabling backdoor deployment, data exfiltration, or lateral movement within a network.
While modern IT environments have largely replaced Telnet with SSH, the protocol persists in legacy Industrial Control Systems (ICS), operational technology (OT), and government networks, including PLCs, SCADA systems, and embedded devices where upgrades are costly or operationally disruptive. This makes the flaw particularly dangerous for critical infrastructure, such as power grids, water treatment facilities, and manufacturing plants, where security modernization is slow and exposed systems remain common.
Mitigation efforts include disabling telnetd where possible, blocking port 23 at the network perimeter, restricting access to trusted IPs, and running the daemon without root privileges. Detection requires network-level monitoring, as standard logs won’t capture the attack. Security teams should configure firewalls to log all port 23 connections and deploy IDS/IPS solutions (e.g., Suricata, Snort) to flag LINEMODE SLC payloads exceeding 90 bytes. No active exploitation has been confirmed, but the flaw’s severity demands immediate action.
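The detection idea above, as an added example that is not from the article or from GNU InetUtils: a Python parser that walks a reassembled client-to-server Telnet byte stream, extracts each LINEMODE SLC subnegotiation, and reports those whose data exceeds the 90-byte threshold. It assumes the threshold applies to the SLC data after IAC-unescaping; the function names and sample byte strings are constructed for illustration.

```python
IAC, SB, SE = 0xFF, 0xFA, 0xF0   # RFC 854 command bytes
LINEMODE, LM_SLC = 0x22, 0x03    # RFC 1184: option 34, SLC suboption 3
SLC_LIMIT = 90   # article's threshold; applied to unescaped SLC data (assumption)


def slc_subnegotiations(stream: bytes):
    """Return [(offset, slc_data)] for each LINEMODE SLC subnegotiation."""
    found, i, n = [], 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            i += 1                        # ordinary data byte
            continue
        cmd = stream[i + 1] if i + 1 < n else None
        if cmd != SB:
            # WILL/WONT/DO/DONT (251-254) carry an option byte; others do not
            i += 3 if cmd is not None and 251 <= cmd <= 254 else 2
            continue
        start, body, i = i, bytearray(), i + 2
        while i < n:
            if stream[i] != IAC:
                body.append(stream[i])
                i += 1
            elif i + 1 < n and stream[i + 1] == IAC:
                body.append(IAC)          # IAC IAC is an escaped 0xFF
                i += 2
            else:
                i += 2                    # IAC SE (or a stray command) ends it
                break
        # A subnegotiation cut off by the end of the buffer is still reported.
        if body[:2] == bytes([LINEMODE, LM_SLC]):
            found.append((start, bytes(body[2:])))
    return found


def oversized_slc(stream: bytes, limit: int = SLC_LIMIT):
    """Return one alert per SLC payload longer than `limit` bytes."""
    return [
        {"offset": off, "bytes": len(data), "triplets": len(data) // 3}
        for off, data in slc_subnegotiations(stream)
        if len(data) > limit
    ]


def _slc(triplets: int) -> bytes:
    """Constructed sample: SLC subnegotiation with filler (1, 0, 0) triplets."""
    return bytes([IAC, SB, LINEMODE, LM_SLC] + [1, 0, 0] * triplets + [IAC, SE])


BENIGN = bytes([IAC, 251, LINEMODE]) + _slc(18)   # 54 bytes of SLC data
SUSPECT = b"login" + _slc(40)                     # 120 bytes of SLC data
```

Feed it the client-to-server payload of each port 23 session after TCP reassembly; a subnegotiation split across segments is only measured correctly once the stream is rejoined.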
Source: https://gbhackers.com/critical-telnetd-vulnerability/
GNU Project cybersecurity rating report: https://www.rankiteo.com/company/gnu-project
"id": "GNU1773836738",
"linkid": "gnu-project",
"type": "Vulnerability",
"date": "3/2026",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"