Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
Summary
A critical security vulnerability (CVE-2026-32746) has been disclosed in the GNU InetUtils telnet daemon (telnetd). The flaw is an out-of-bounds write that is reachable when LINEMODE is enabled, and it allows unauthenticated remote attackers to execute arbitrary code with root privileges.
IFF Assessment
This vulnerability allows unauthenticated remote attackers to gain root access, making it a significant threat to systems running the affected telnet daemon.
Severity
Defender Context
This critical unpatched flaw in telnetd presents a severe risk, allowing unauthenticated remote attackers to achieve root-level code execution. Defenders should immediately audit their systems for the presence of vulnerable telnetd instances and consider disabling or replacing the service if possible, as unpatched systems remain highly susceptible to exploitation.
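One way to start the audit described above is to list TCP listeners on port 23 from `ss -H -tlnp` output. This is an added example, not part of the original advisory; the function name `find_telnet_listeners` and the sample lines are constructed for illustration, and the check assumes telnetd is on its default port.

```shell
#!/bin/sh
# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=701,fd=3))
LISTEN 0 5 0.0.0.0:23 0.0.0.0:* users:(("inetd",pid=812,fd=4))
LISTEN 0 5 [::]:23 [::]:* users:(("inetd",pid=812,fd=5))
LISTEN 0 128 127.0.0.1:2323 0.0.0.0:* users:(("python3",pid=990,fd=6))'

# find_telnet_listeners (hypothetical helper): reads `ss -H -tlnp` lines on
# stdin and prints "<local address> <process>" for every TCP listener bound
# to port 23. The process is "unknown" when ss ran without the privileges
# needed to show socket owners.
find_telnet_listeners() {
    awk '$1 == "LISTEN" {
        local_addr = $4
        # The port is whatever follows the last colon; this also copes
        # with bracketed IPv6 addresses such as [::]:23.
        n = split(local_addr, parts, ":")
        if (parts[n] != "23") next
        proc = "unknown"
        if (match($0, /users:\(\("[^"]+"/)) {
            # Skip the 9-character prefix users:((" and the closing quote.
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        }
        print local_addr, proc
    }'
}

# audit_host: run the same check against the live socket table.
audit_host() {
    ss -H -tlnp 2>/dev/null | find_telnet_listeners
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | find_telnet_listeners
```

A hit only shows that something is listening on port 23. Confirm from the package manager whether the binary behind it is the GNU InetUtils telnetd before deciding to disable or replace it.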