CVE-2026-32746 - Vulnerability Analysis

Overview

GNU inetutils telnetd <= 2.7 contains a buffer overflow caused by lack of bounds checking in the LINEMODE SLC suboption handler, letting remote attackers perform out-of-bounds write, exploit requires network access to telnetd service.

Severity & Score

Impact

Remote attackers can perform out-of-bounds write, potentially leading to code execution or service crash.

Mitigation

Update to a version later than 2.7 or the latest available version.

References

• https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
• https://www.openwall.com/lists/oss-security/2026/03/12/4
• http://www.openwall.com/lists/oss-security/2026/03/14/1

Social Media Activity(2 posts)

/r/netsec

@_r_netsec

Apr 17, 2026

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746) - watchTowr Labs https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/

View original post

/r/netsec

@_r_netsec

Apr 17, 2026

CVE-2026-32746 GNU telnetd Buffer Overflow PoC - Critical (9.8) https://pwn.guide/free/other/cve-2026-32746

View original post

GitHub Repositories(6 repos)

• https://github.com/watchtowrlabs/watchtowr-vs-telnetd-CVE-2026-32746
• https://github.com/danindiana/cve-2026-32746-mitigation
• https://github.com/ekomsSavior/telnet_scan
• https://github.com/duduLiu8787/CVE-2026-32746-Exploit
• https://github.com/chosenonehacks/CVE-2026-32746
• https://github.com/jeffaf/cve-2026-32746

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner