A critical vulnerability in the GNU InetUtils telnet daemon, identified as CVE-2026-32746, allows unauthenticated attackers to gain root access and execute arbitrary code via port 23. This flaw, which affects the telnetd service, has a CVSS score of 9.8 out of 10.0, indicating a highly severe vulnerability. The issue stems from an out-of-bounds write in the LINEMODE Set, enabling remote code execution with elevated privileges. As this vulnerability is currently unpatched, it poses a significant risk to affected systems. The disclosure of CVE-2026-32746 expands the active attack surface, making it essential for practitioners to prioritize mitigation based on their exposure and exploitation evidence [1]. This vulnerability matters to security professionals because it highlights the need for urgent patching and mitigation to prevent potential root-level compromises.
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
⚠️ Critical Alert
Why This Matters
CVE-2026-32746 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- The Hacker News. (2026, March 18). Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23. *The Hacker News*. https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html