LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-32746

CVE-2026-32746 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 13, 2026

GNU inetutils telnetd - Buffer Overflow

Published: March 13, 2026Updated: March 13, 2026Remote Exploitable

Overview

GNU inetutils telnetd <= 2.7 contains a buffer overflow caused by lack of bounds checking in the LINEMODE SLC suboption handler, letting remote attackers perform out-of-bounds write, exploit requires network access to telnetd service.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Remote attackers can perform out-of-bounds write, potentially leading to code execution or service crash.

Mitigation

Update to a version later than 2.7 or the latest available version.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 13, 2026

šŸ”“ CVE-2026-32746 - Critical (9.8) telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-32746/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 13, 2026

šŸ”“ CVE-2026-32746 - Critical (9.8) telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-32746/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 13, 2026

šŸ”“ CVE-2026-32746 - Critical (9.8) telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-32746/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 13, 2026

šŸ”“ CVE-2026-32746 - Critical (9.8) telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-32746/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-32746
Severity
Critical
CVSS Score
9.8
Type
buffer_overflow
Status
new
EPSS
0.0%
Social Posts
4

CWE

  • CWE-120

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days