top of page
Search

Unauthenticated Root RCE Vulnerability in Critical Telnetd Flaw (CVE-2026-32746)

  • Mar 18
  • 2 min read

Key Findings


* Critical unauthenticated remote code execution vulnerability in GNU InetUtils telnetd


* CVE-2026-32746 with CVSS score of 9.8


* Affects all versions through 2.7


* Exploitable by sending crafted message during initial connection handshake


* No authentication required to trigger vulnerability


* Potential for complete system compromise


Background


The vulnerability was discovered by Israeli cybersecurity company Dream on March 11, 2026. It impacts the GNU InetUtils telnet daemon (telnetd) and represents a significant security risk for systems running telnet services. The flaw exists in the LINEMODE Set Local Characters (SLC) suboption handler, which processes protocol negotiation during the initial connection handshake.


Technical Details


The vulnerability stems from an out-of-bounds write in the SLC handler that can be triggered by sending a specially crafted message with multiple protocol option triplets. Because telnetd typically runs with root privileges, a successful exploit can provide an attacker with complete system control. No login credentials or complex network positioning are required - a single connection to port 23 is sufficient to exploit the vulnerability.


Potential Impact


Successful exploitation could enable attackers to:


* Execute arbitrary code with root privileges


* Deploy persistent backdoors


* Exfiltrate sensitive data


* Use compromised systems as network pivot points


Recommended Mitigations


* Disable telnet service if not absolutely necessary


* Run telnetd without root privileges


* Block port 23 at network and host firewall levels


* Isolate and restrict telnet access


* Apply vendor patch when available (expected by April 1, 2026)


Detection


Administrators should monitor for:


* Unexpected connections to port 23


* Suspicious network traffic during telnet protocol negotiation


* Unusual system behavior indicating potential compromise


Sources


  • https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html

  • https://thehackernews.com/2026/03/9-critical-ip-kvm-flaws-enable.html

  • https://securityaffairs.com/189620/hacking/researchers-warn-of-unpatched-critical-telnetd-flaw-affecting-all-versions.html

  • https://www.instagram.com/p/DWA58kkD-SY/

  • https://www.facebook.com/thehackernews/posts/%EF%B8%8F-warning-an-unpatched-critical-telnetd-bug-cve-2026-32746-lets-attackers-gain-f/1320184686812778/

  • https://x.com/RoryCrave/status/2034154699046162862

  • https://www.reddit.com/r/SecOpsDaily/comments/1rwvsxg/critical_unpatched_telnetd_flaw_cve202632746/

Recent Posts

See All

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page