Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23 Ravie LakshmananMar 18, 2026Vulnerability / Data Protection Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in the LINEMODE Set Local Characters (SLC) suboption handler that results in a buffer overflow, ultimately paving the way for code execution. Israeli cybersecurity company Dream, which discovered and reported the flaw on March 11, 2026, said it affects all versions of the Telnet service implementation through 2.7. A fix for the vulnerability is expected to be available no later than April 1, 2026. "An unauthenticated remote attacker can exploit this by sending a specially crafted message during the initial connection handshake — before any login prompt appears," Dream said in an alert. "Successful exploitation can result in remote code execution as root." "A single network connection to port 23 is sufficient to trigger the vulnerability. No credentials, no user interaction, and no special network position are required." The SLC handler, per Dream, processes option negotiation during the Telnet protocol handshake. But given that the flaw can be triggered before authentication, an attacker can weaponize it immediately after establishing a connection by sending specially crafted protocol messages. Successful exploitation could result in complete system compromise if telnetd runs with root privileges. This, in turn, could open the door to various post-exploitation actions, including the deployment of persistent backdoors, data exfiltration, and lateral movement by using the compromised hosts as pivot points. "An unauthenticated attacker can trigger it by connecting to port 23 and sending a crafted SLC suboption with many triplets," according to Dream security researcher Adiel Sol. "No login is required; the bug is hit during option negotiation, before the login prompt. The overflow corrupts memory and can be turned into arbitrary writes. In practice, this can lead to remote code execution. Because telnetd usually runs as root (e.g., under inetd or xinetd), a successful exploit would give the attacker full control of the system." In the absence of a fix, it's advised to disable the service if it's not necessary, run telnetd without root privileges where required, block port 23 at the network perimeter and host-based firewall level to restrict access, and isolate Telnet access. The disclosure comes nearly two months after another critical security flaw was disclosed in GNU InetUtils telnetd (CVE-2026-24061, CVSS score: 9.8) that could be leveraged to gain root access to a target system. The vulnerability has since come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  cybersecurity, data protection, linux, network security, Open Source, remote code execution, system security, Threat Intelligence, Vulnerability Trending News ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack and Vibe-Coded Malware Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine and More Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries Load More ▼ Popular Resources Read CYBER360 2026: From Zero Trust Limits to Data-Centric Security Paths 19,053 Confirmed Breaches in 2025 – Key Trends and Predictions for 2026 Self-Hosted WAF: Block SQLi, XSS, and Bots Before They Reach Your Apps Identity Controls Checklist: Find Missing Protections in Apps