A critical vulnerability in the GNU inetutils telnetd implementation enables remote code execution as root, allowing attackers to gain full control of affected systems without authentication. Tracked as CVE-2026-32746, this flaw has a CVSS rating of 9.8, indicating a highly severe threat. The vulnerability is particularly concerning because it affects a widely deployed protocol found in legacy infrastructure, networking equipment, and embedded systems. Although Telnet has largely been replaced by SSH in modern environments, its continued presence in older systems expands the active attack surface. Security researchers at Dream Security have warned that attackers can exploit this vulnerability to take control of affected systems before authentication occurs1. This vulnerability matters to practitioners because it highlights the need to prioritize patching and mitigation efforts based on exposure and exploitation evidence, particularly in environments where Telnet is still in use.