Security Affairs

Researchers warn of unpatched, critical Telnetd flaw affecting all versions


CVE-2026-32746 is a critical flaw in GNU InetUtils telnetd that allows remote attackers to execute code with elevated privileges

Cybersecurity company Dream disclosed a critical flaw, tracked as CVE-2026-32746 (CVSS score of 9.8), in GNU InetUtils telnetd that lets unauthenticated remote attackers execute code with elevated privileges. The issue stems from an out-of-bounds write in the LINEMODE handler, causing a buffer overflow.

The flaw affects all versions up to 2.7. A patch is expected by April 1, 2026, and users are urged to update as soon as it becomes available.

GNU InetUtils telnetd is a server component of GNU InetUtils that provides remote login access via the Telnet protocol. It allows users to connect to a system over a network and run commands remotely, though it’s largely outdated and insecure compared to modern alternatives like SSH.

“Dream Security uncovered a new buffer overflow vulnerability (CVE-2026-32746) in the GNU Inetutils telnetd daemon, specifically in the code that handles LINEMODE SLC (Set Local Characters) option negotiation.” reads the report published by Dream Security. “An unauthenticated remote attacker can exploit this by sending a specially crafted message during the initial connection handshake — before any login prompt appears. Successful exploitation can result in remote code execution as root. An initial report was sent to the GNU Inetutils security team following the discovery.”

The experts warn that exploiting this issue is trivial and can lead to complete system compromise.

Any system running vulnerable GNU Inetutils telnetd is affected, including Linux distributions, IoT devices, and legacy OT/ICS environments using Telnet. The flaw can be triggered remotely during the initial connection by sending a crafted request, requiring no authentication or user interaction, making exploitation straightforward and highly dangerous.

“Because telnetd typically runs as root (via inetd or xinetd), successful exploitation yields complete host compromise, including but not limited to:

  • Arbitrary remote code execution as root
  • Persistent backdoor installation
  • Sensitive data exfiltration
  • Use of the host as a pivot point for further network intrusion

A single network connection to port 23 is sufficient to trigger the vulnerability. No credentials, no user interaction, and no special network position are required.” continues the advisory.

Experts recommend disabling Telnet services until a fix is available. To mitigate risk, block port 23, restrict access, and avoid running it as root. Enable network-level logging, packet capture, and IDS monitoring to detect exploitation attempts, and store logs centrally.
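One way to check a host against the advice above, as an added example that is not part of the original article or Dream's advisory: the script reads an inetd.conf file and an xinetd service file and reports any telnet entry that is still enabled, flagging those that run as root. The function names `audit_inetd` and `audit_xinetd` and the sample configurations are constructed for illustration; on a real host you would pass the paths your system uses, commonly /etc/inetd.conf and the files under /etc/xinetd.d/.

```shell
#!/bin/sh
# Added example: report telnet entries that inetd or xinetd would start.

# inetd.conf line: service socket proto wait user[.group] server args...
audit_inetd() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }            # commented-out line = disabled
        $1 == "telnet" {
            root = ($5 ~ /^root([.:]|$)/) ? " [runs as root]" : ""
            printf "inetd: telnet enabled user=%s server=%s%s\n", $5, $6, root
        }' "$1"
}

# xinetd stanza: service telnet { disable = no / user = root / server = ... }
# A stanza without a "disable = yes" line is enabled.
audit_xinetd() {
    awk '
        /^[ \t]*#/      { next }
        $1 == "service" { in_svc = ($2 == "telnet"); off = "no"; user = "?"; srv = "?"; next }
        !in_svc         { next }
        $1 == "disable" { off = $3 }
        $1 == "user"    { user = $3 }
        $1 == "server"  { srv = $3 }
        $1 == "}" {
            if (off != "yes") {
                root = (user == "root") ? " [runs as root]" : ""
                printf "xinetd: telnet enabled user=%s server=%s%s\n", user, srv, root
            }
            in_svc = 0
        }' "$1"
}

# Constructed sample configs (not taken from any real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd' \
        'telnet stream tcp nowait root /usr/sbin/telnetd telnetd' > "$d/inetd.conf"
    printf '%s\n' 'service telnet' '{' '    disable = yes' '    user = root' \
        '    server = /usr/sbin/telnetd' '}' > "$d/telnet"
    audit_inetd "$d/inetd.conf"     # reports the enabled root entry
    audit_xinetd "$d/telnet"        # prints nothing: the stanza is disabled
    rm -rf "$d"
}
demo
```

An empty result means neither file would start telnetd; it does not cover a telnetd launched another way (for example a standalone daemon or a systemd socket unit), so confirm separately that nothing is listening on port 23.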

Dream researchers warn that, despite being outdated and insecure, Telnet is still widely used in ICS/OT and government systems with legacy infrastructure, where upgrades are costly or impractical, making these environments especially vulnerable to severe real-world impacts.

In January 2026, security researcher Kyu Neushwaistein (aka Carlos Cortes Alvarez) reported another critical vulnerability, tracked as CVE-2026-24061 (CVSS score of 9.8), in the GNU InetUtils telnet daemon (telnetd) that impacts all versions from 1.9.3 to 2.7.

The vulnerability can be exploited to gain root access on affected systems. The vulnerability was introduced as part of a source code commit made on March 19, 2015. The flaw remained undiscovered for nearly 11 years, posing long-standing security risks.


Pierluigi Paganini

(SecurityAffairs – hacking, GNU InetUtils telnetd)