Cybersecurity experts have revealed a serious security weakness affecting the Telnet service implementation in GNU InetUtils. The vulnerability could allow a remote attacker to execute malicious code on vulnerable systems without authentication.
The issue has been assigned the identifier CVE-2026-32746 and has received a CVSS severity score of 9.8, indicating a critical level of risk.
Security researchers warn that the flaw can enable attackers to gain full control of a system if the Telnet daemon runs with administrative privileges.
Buffer Overflow in Telnet Protocol Handling
The vulnerability originates from an out of bounds memory write within the LINEMODE Set Local Characters (SLC) suboption handler used by the Telnet protocol.
This handler manages option negotiation during the connection handshake phase. However, improper memory handling allows specially crafted messages to trigger a buffer overflow, which can be leveraged to execute arbitrary code.
Because the flaw can be triggered before authentication occurs, attackers do not need valid credentials to exploit the system.
The security flaw was discovered by researchers from the Israeli cybersecurity company Dream Security. According to the company, the vulnerability affects all versions of telnetd up to version 2.7.
A security patch is expected to be released by April 1, 2026.
Attack Method and Exploitation
Researchers explained that an attacker can exploit the flaw by initiating a connection to the Telnet service and sending specially crafted protocol messages during the option negotiation stage.
Specifically, attackers can connect to TCP port 23, which is commonly used for Telnet communication, and deliver a malicious SLC suboption containing numerous triplets.
Because the vulnerability occurs before the login prompt appears, authentication is not required.
Once triggered, the overflow can corrupt system memory and potentially allow attackers to manipulate memory operations. This behavior may lead to remote code execution on the target system.
In many deployments, telnetd operates with root privileges, meaning a successful exploit could give attackers complete administrative access.
Potential Impact of the Vulnerability
If exploited successfully, the vulnerability could result in a full system compromise.
Attackers gaining root level access may perform various malicious actions, including:
- Installing persistent backdoors
- Stealing sensitive data
- Moving laterally across internal networks
- Using the compromised host as a pivot point to attack additional systems
Because Telnet is often used in legacy infrastructure or embedded systems, many environments may remain vulnerable until patches are applied.
Temporary Security Mitigations
Since a patch has not yet been released, security experts recommend implementing temporary mitigation measures.
Organizations should consider the following precautions:
- Disable the Telnet service if it is not required
- Avoid running telnetd with root privileges where possible
- Block port 23 at firewall or network perimeter levels
- Restrict Telnet access using network segmentation and access controls
These measures can significantly reduce the attack surface until the official patch becomes available.
Previous Telnetd Vulnerability Already Exploited
This discovery comes shortly after another critical flaw was identified in the same Telnet implementation.
The earlier vulnerability, CVE-2026-24061, also carried a CVSS score of 9.8.
According to Cybersecurity and Infrastructure Security Agency, attackers have already begun actively exploiting that vulnerability in real world attacks.
The existence of multiple severe vulnerabilities highlights the risks associated with using legacy remote access protocols such as Telnet.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.


