Critical Telnetd Vulnerability Enables Remote Attacker to Execute Arbitrary Code via Port 23

Source: Cybersecurity News | Archived Mar 18, 2026

A critical buffer overflow vulnerability has been found in the GNU Inetutils telnetd daemon. Tracked as CVE-2026-32746, this flaw allows an unauthenticated remote attacker to execute arbitrary code and gain root access to affected systems. The vulnerability requires zero user interaction and has a trivial exploitation path, prompting an urgent warning for defenders managing legacy infrastructure.

According to Dream Security Research, the core issue stems from how the telnetd daemon handles LINEMODE SLC (Set Local Characters) option negotiation. An attacker can trigger the classic buffer overflow by sending a specially crafted message during the initial connection handshake. Because this occurs before any authentication prompt appears, the exploit requires no valid credentials.

Dream Security researchers reported the vulnerability to the GNU Inetutils team on March 11, 2026. Maintainers quickly confirmed the finding and approved a patch, though the official release is not expected until April 1, 2026. While active exploitation has not been observed in the wild, the attack’s low complexity demands immediate defensive action.

While modern IT networks have largely deprecated Telnet in favor of SSH, the plaintext protocol remains heavily entrenched in Industrial Control Systems (ICS), operational technology (OT), and government environments. Aging programmable logic controllers (PLCs) and SCADA systems frequently rely on Telnet as their exclusive remote management interface. Upgrading these systems is notoriously expensive and operationally disruptive, forcing organizations to accept long-term exposure.

Because the telnetd service typically runs as root via inetd or xinetd, a successful exploit yields total host compromise. Attackers can install persistent backdoors, steal sensitive operational data, or use the breached device as a pivot point to launch deeper attacks against physical manufacturing lines, water treatment facilities, or power grids.

With a formal patch still pending, security teams must implement immediate workarounds to protect exposed systems. Turning off the telnetd service is the most effective defense. If the service remains operationally necessary, network administrators must block port 23 at the perimeter firewall, restricting access to trusted hosts only. Running telnetd without root privileges can also limit the blast radius of a successful exploit.

Dream Security researchers warn that standard authentication logs won’t capture this attack, as it executes during the initial option negotiation phase. Defenders must rely on network-level logging and packet capture to identify threats. Organizations should configure firewall rules to log all new connections to port 23 and deploy Intrusion Detection System (IDS) signatures to alert on LINEMODE SLC suboptions carrying unusually large payloads exceeding 90 bytes. All logs must be forwarded to a centralized SIEM to prevent attackers from wiping forensic evidence after achieving root access.
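The IDS check described above, sketched as an added example (not code from the article, Dream Security, or GNU Inetutils): it walks a reassembled client-to-server Telnet stream, measures each LINEMODE SLC suboption, and flags payloads over the 90-byte threshold. Option codes follow RFC 854 and RFC 1184; the function names and the sample bytes are constructed for illustration.

```python
# Telnet command and option codes (RFC 854, RFC 1184).
IAC, SB, SE = 255, 250, 240
TELOPT_LINEMODE = 34      # LINEMODE option code
LM_SLC = 3                # LINEMODE suboption: Set Local Characters
SLC_PAYLOAD_LIMIT = 90    # alert threshold quoted in the article

def slc_payload_lengths(stream: bytes) -> list[int]:
    """Return the payload size of every LINEMODE SLC suboption in a
    reassembled client-to-server Telnet byte stream."""
    lengths = []
    i, n = 0, len(stream)
    while i + 1 < n:
        if stream[i] != IAC:
            i += 1
            continue
        cmd = stream[i + 1]
        if cmd != SB:
            # WILL/WONT/DO/DONT (251-254) carry one option byte; IAC IAC
            # and the remaining commands are two bytes long.
            i += 3 if 251 <= cmd <= 254 else 2
            continue
        body = bytearray()
        j = i + 2
        while j < n:
            if stream[j] == IAC and j + 1 < n:
                if stream[j + 1] == SE:      # end of subnegotiation
                    j += 2
                    break
                if stream[j + 1] == IAC:     # escaped 0xFF data byte
                    body.append(IAC)
                    j += 2
                    continue
            body.append(stream[j])
            j += 1
        # An unterminated suboption (split across captures) is still measured.
        if body[:2] == bytes([TELOPT_LINEMODE, LM_SLC]):
            lengths.append(len(body) - 2)
        i = j
    return lengths

def oversized_slc(stream: bytes, limit: int = SLC_PAYLOAD_LIMIT) -> list[int]:
    """Payload sizes that exceed the limit and should raise an alert."""
    return [size for size in slc_payload_lengths(stream) if size > limit]

if __name__ == "__main__":
    # Constructed sample: one SLC suboption holding 40 filler triplets.
    sample = bytes([IAC, SB, TELOPT_LINEMODE, LM_SLC]) + bytes([1, 2, 3]) * 40 + bytes([IAC, SE])
    print(oversized_slc(sample))
```

Feed it the bytes sent toward port 23 after TCP reassembly; measuring the unescaped payload keeps doubled 0xFF bytes from inflating the count.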