
Critical Remote Code Execution in GNU InetUtils Telnetd (CVE-2026-32746) Threatens Legacy Systems

A critical buffer‑overflow (CVE‑2026‑32746) in GNU InetUtils telnetd allows unauthenticated attackers to gain root access via a single network packet. All versions up to 2.7 are vulnerable, putting legacy Linux, IoT, and OT deployments at high risk. TPRM teams must act now to disable Telnet, block port 23, and apply the forthcoming patch.

🛡️ LiveThreat™ Intelligence · 📅 March 19, 2026 · 📰 securityaffairs.com
Severity: Critical · Type: Vulnerability · Confidence: High · Affected: 4 sector(s) · Actions: 5 recommended

What It Is – A newly disclosed buffer‑overflow (CVE‑2026‑32746) in the LINEMODE handler of GNU InetUtils telnetd permits unauthenticated attackers to execute arbitrary code as root. The flaw scores 9.8 (CVSS v3.1), making it a critical remote‑code‑execution issue.

Exploitability – The vulnerability is trivially exploitable: a single crafted packet to port 23 during the initial handshake can compromise the host. No credentials, user interaction, or privileged network position are required. No public exploit code has been released yet, but proof‑of‑concept (PoC) details are available in the advisory.

Affected Products – All releases of GNU InetUtils telnetd up to 2.7 (including the default telnet daemon in many Linux distributions, IoT firmware, and legacy OT/ICS devices).

TPRM Impact

  • Any third‑party service that still relies on Telnet (e.g., legacy SCADA, embedded devices, or legacy VPN appliances) becomes a direct entry point for supply‑chain compromise.
  • Compromise of a single Telnet host can be leveraged to pivot into the broader network, exposing data and services of downstream vendors.
  • The widespread, cross‑industry use of the daemon amplifies systemic risk for organizations that outsource infrastructure to MSPs or cloud providers still running legacy images.

Recommended Actions

  • Immediately disable Telnet services on all assets and block inbound/outbound traffic on TCP 23 at the perimeter.
  • Inventory all systems running GNU InetUtils telnetd (including embedded/OT devices) and prioritize remediation.
  • Apply the upstream patch as soon as it is released (expected no later than 1 April 2026); if it is unavailable, replace telnetd with a secure alternative such as SSH.
  • Enforce network‑level logging and enable IDS/IPS signatures that detect malformed LINEMODE packets.
  • Review privileged service configurations (e.g., inetd/xinetd) to ensure telnetd does not run as root.
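The inventory and inetd/xinetd review steps above can be scripted. The following is an added example, not code from the advisory or from GNU InetUtils: it parses inetd.conf-style and xinetd-style text, lists telnet entries that are still active, and flags those that run as root. The sample configurations are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample configs for illustration (not taken from any real host).
SAMPLE_INETD = """\
# service sock proto wait user server args
ftp     stream tcp nowait root /usr/sbin/ftpd    ftpd
telnet  stream tcp nowait root /usr/sbin/telnetd telnetd
#telnet stream tcp nowait root /usr/sbin/telnetd telnetd
"""
SAMPLE_XINETD = """\
service telnet
{
    disable = no
    user    = root
    server  = /usr/sbin/telnetd
}
"""

def _finding(source, user, server):
    return {"source": source, "user": user, "server": server,
            "runs_as_root": user == "root"}

def audit_inetd(text):
    """Active (uncommented) telnet entries in inetd.conf-style text."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split("#", 1)[0].split()  # drop comments, split into fields
        # Fields: service socket proto wait user[.group] server [args...]
        if len(f) >= 6 and (f[0] == "telnet" or any("telnetd" in a for a in f[5:])):
            out.append(_finding(f"inetd:{n}", re.split(r"[.:]", f[4])[0], f[5]))
    return out

def audit_xinetd(text):
    """Enabled telnet service blocks in xinetd-style text."""
    out = []
    for name, body in re.findall(r"^\s*service\s+(\S+)\s*\{(.*?)\}", text, re.S | re.M):
        attrs = dict(re.findall(r"^\s*(\w+)\s*=\s*(.+?)\s*$", body, re.M))
        server = attrs.get("server", "")
        is_telnet = name == "telnet" or "telnetd" in server
        if is_telnet and attrs.get("disable", "no").lower() != "yes":
            # Assumption: with no "user" attribute the server inherits xinetd's uid (root).
            out.append(_finding(f"xinetd:{name}", attrs.get("user", "root"), server))
    return out

if __name__ == "__main__":
    for finding in audit_inetd(SAMPLE_INETD) + audit_xinetd(SAMPLE_XINETD):
        print(finding)
```

On a real host, pass in the contents of the inetd and xinetd configuration files instead of the samples. Telnet daemons started by other means (for example a standalone service or systemd socket unit) are outside what this check covers.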

Source: SecurityAffairs – Researchers warn of unpatched, critical Telnetd flaw affecting all versions

📰 Original Source
https://securityaffairs.com/189620/hacking/researchers-warn-of-unpatched-critical-telnetd-flaw-affecting-all-versions.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
