CVE-2026-32746

CVSS 9.8 CRITICAL · EPSS 23.7% · CWE-120
In short

The telnetd service in GNU inetutils has a critical flaw where it can write data outside its designated memory buffer when handling certain telnet commands. This allows attackers to crash the server or potentially execute malicious code by sending specially crafted telnet requests.

Technical detail

CVE-2026-32746 is a stack-based buffer overflow in the LINEMODE SLC suboption handler of telnetd (GNU inetutils ≤2.7). The add_slc function fails to validate buffer boundaries before writing, enabling remote attackers to trigger out-of-bounds memory writes via crafted telnet protocol messages, resulting in denial of service or code execution without authentication.

Summary generated and translated by AI from the official description.
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
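
The missing check described above, shown as a bounded append (an added example, not the inetutils source). The names slc_append, slc_reply and SLC_REPLY_MAX and the capacity of 100 bytes are assumptions made for illustration. Because Telnet sends a literal 0xFF byte doubled, one SLC triplet can occupy up to 6 bytes, so the space check has to use the escaped length.

```c
#include <stddef.h>
#include <stdio.h>

#define IAC 0xFF            /* Telnet "Interpret As Command" byte */
#define SLC_REPLY_MAX 100   /* constructed capacity, not the inetutils value */

struct slc_reply { unsigned char buf[SLC_REPLY_MAX]; size_t len; };

/* Bytes one octet occupies on the wire: a literal 0xFF is sent doubled. */
static size_t wire_len(unsigned char b) { return b == IAC ? 2 : 1; }

static void put_escaped(struct slc_reply *r, unsigned char b)
{
    r->buf[r->len++] = b;
    if (b == IAC)
        r->buf[r->len++] = IAC;
}

/* Append one SLC triplet (function, flags, value).
 * Returns 0 on success; returns -1 and writes nothing if it does not fit. */
int slc_append(struct slc_reply *r, unsigned char func,
               unsigned char flag, unsigned char val)
{
    size_t need = wire_len(func) + wire_len(flag) + wire_len(val);

    if (r->len > sizeof r->buf || need > sizeof r->buf - r->len)
        return -1;          /* buffer full: reject instead of writing past it */
    put_escaped(r, func);
    put_escaped(r, flag);
    put_escaped(r, val);
    return 0;
}

/* Feed n constructed triplets (func 1, flags 2); returns how many fit. */
size_t slc_fill(struct slc_reply *r, size_t n, unsigned char val)
{
    size_t ok = 0;
    r->len = 0;
    while (n-- > 0 && slc_append(r, 1, 2, val) == 0)
        ok++;
    return ok;
}

int main(void)
{
    struct slc_reply r;
    printf("plain values: %zu triplets accepted\n", slc_fill(&r, 1000, 0x03));
    printf("0xFF values:  %zu triplets accepted\n", slc_fill(&r, 1000, IAC));
    return 0;
}
```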
Affected products
GNU · inetutils