Critical Unpatched Telnetd Vulnerability CVE 2026 32746 Allows Unauthenticated Root RCE

Cybersecurity experts have revealed a serious security weakness affecting the Telnet service implementation in GNU InetUtils. The vulnerability could allow a remote attacker to execute malicious code on vulnerable systems without authentication.

The issue has been assigned the identifier CVE-2026-32746 and has received a CVSS severity score of 9.8, indicating a critical level of risk.

Security researchers warn that the flaw can enable attackers to gain full control of a system if the Telnet daemon runs with administrative privileges.

Buffer Overflow in Telnet Protocol Handling

The vulnerability originates from an out of bounds memory write within the LINEMODE Set Local Characters (SLC) suboption handler used by the Telnet protocol.

This handler manages option negotiation during the connection handshake phase. However, improper memory handling allows specially crafted messages to trigger a buffer overflow, which can be leveraged to execute arbitrary code.

Because the flaw can be triggered before authentication occurs, attackers do not need valid credentials to exploit the system.

The security flaw was discovered by researchers from the Israeli cybersecurity company Dream Security. According to the company, the vulnerability affects all versions of telnetd up to version 2.7.

A security patch is expected to be released by April 1, 2026.


Attack Method and Exploitation

Researchers explained that an attacker can exploit the flaw by initiating a connection to the Telnet service and sending specially crafted protocol messages during the option negotiation stage.

Specifically, attackers can connect to TCP port 23, which is commonly used for Telnet communication, and deliver a malicious SLC suboption containing numerous triplets.

Because the vulnerability occurs before the login prompt appears, authentication is not required.

Once triggered, the overflow can corrupt system memory and potentially allow attackers to manipulate memory operations. This behavior may lead to remote code execution on the target system.

In many deployments, telnetd operates with root privileges, meaning a successful exploit could give attackers complete administrative access.

Potential Impact of the Vulnerability

If exploited successfully, the vulnerability could result in a full system compromise.

Attackers gaining root level access may perform various malicious actions, including:

  • Installing persistent backdoors
  • Stealing sensitive data
  • Moving laterally across internal networks
  • Using the compromised host as a pivot point to attack additional systems

Because Telnet is often used in legacy infrastructure or embedded systems, many environments may remain vulnerable until patches are applied.

Temporary Security Mitigations

Since a patch has not yet been released, security experts recommend implementing temporary mitigation measures.

Organizations should consider the following precautions:

  • Disable the Telnet service if it is not required
  • Avoid running telnetd with root privileges where possible
  • Block port 23 at firewall or network perimeter levels
  • Restrict Telnet access using network segmentation and access controls

These measures can significantly reduce the attack surface until the official patch becomes available.

Previous Telnetd Vulnerability Already Exploited

This discovery comes shortly after another critical flaw was identified in the same Telnet implementation.

The earlier vulnerability, CVE-2026-24061, also carried a CVSS score of 9.8.

According to Cybersecurity and Infrastructure Security Agency, attackers have already begun actively exploiting that vulnerability in real world attacks.

The existence of multiple severe vulnerabilities highlights the risks associated with using legacy remote access protocols such as Telnet.




Found this article interesting? Follow us on  X (Twitter) FacebookBlue sky and LinkedIn to read more exclusive content we post.