Cybersecurity researchers have disclosed a crucial safety flaw impacting the GNU InetUtils telnet daemon (telnetd) that may very well be exploited by an unauthenticated distant attacker to execute arbitrary code with elevated privileges.
The vulnerability, tracked as CVE-2026-32746, carries a CVSS rating of 9.8 out of 10.0. It has been described as a case of out-of-bounds write within the LINEMODE Set Native Characters (SLC) suboption handler that ends in a buffer overflow, in the end paving the way in which for code execution.
Israeli cybersecurity firm Dream, which found and reported the flaw on March 11, 2026, mentioned it impacts all variations of the Telnet service implementation via 2.7. A repair for the vulnerability is anticipated to be out there no later than April 1, 2026.
“An unauthenticated distant attacker can exploit this by sending a specifically crafted message through the preliminary connection handshake — earlier than any login immediate seems,” Dream mentioned in an alert. “Profitable exploitation can lead to distant code execution as root.”
“A single community connection to port 23 is adequate to set off the vulnerability. No credentials, no person interplay, and no particular community place are required.”
The SLC handler, per Dream, processes choice negotiation through the Telnet protocol handshake. However on condition that the flaw may be triggered earlier than authentication, an attacker can weaponize it instantly after establishing a connection by sending specifically crafted protocol messages.
Profitable exploitation may end in full system compromise if telnetd runs with root privileges. This, in flip, may open the door to varied post-exploitation actions, together with the deployment of persistent backdoors, knowledge exfiltration, and lateral motion through the use of the compromised hosts as pivot factors.
“An unauthenticated attacker can set off it by connecting to port 23 and sending a crafted SLC suboption with many triplets,” in keeping with Dream safety researcher Adiel Sol.
“No login is required; the bug is hit throughout choice negotiation, earlier than the login immediate. The overflow corrupts reminiscence and may be changed into arbitrary writes. In apply, this could result in distant code execution. As a result of telnetd normally runs as root (e.g., beneath inetd or xinetd), a profitable exploit would give the attacker full management of the system.”
Within the absence of a repair, it is suggested to disable the service if it isn’t essential, run telnetd with out root privileges the place required, block port 23 on the community perimeter and host-based firewall stage to limit entry, and isolate Telnet entry.
The disclosure comes practically two months after one other crucial safety flaw was disclosed in GNU InetUtils telnetd (CVE-2026-24061, CVSS rating: 9.8) that may very well be leveraged to achieve root entry to a goal system. The vulnerability has since come beneath energetic exploitation within the wild, per the U.S. Cybersecurity and Infrastructure Safety Company.
Elevate your perspective with NextTech Information, the place innovation meets perception.
Uncover the most recent breakthroughs, get unique updates, and join with a worldwide community of future-focused thinkers.
Unlock tomorrow’s tendencies at present: learn extra, subscribe to our e-newsletter, and change into a part of the NextTech group at NextTech-news.com
