CVE-2026-32746

CriticalPublic PoC

Published: 13 March 2026

Published

13 March 2026

Modified

05 May 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0455 89.2th percentile

Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Description

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely remediation of the out-of-bounds write flaw in telnetd, directly eliminating the vulnerability through patching.

SI-16 Memory Protection good match

prevent

Implements memory protections like stack canaries, ASLR, and DEP to prevent exploitation of the buffer overflow for code execution.

CM-7 Least Functionality good match

prevent

Enforces least functionality by disabling unnecessary telnetd service, preventing remote attackers from reaching the vulnerable component.

Security SummaryAI

CVE-2026-32746 affects the telnetd daemon in GNU inetutils through version 2.7. The vulnerability is an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler, caused by the add_slc function not checking whether the buffer is full. Classified as CWE-120, it has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for severe memory corruption.

Any unauthenticated remote attacker with network access to the telnetd service can exploit this flaw with low complexity and no user interaction required. By sending a crafted LINEMODE SLC suboption during a telnet connection, the attacker triggers the out-of-bounds write, enabling high-impact effects such as arbitrary code execution, data tampering, or service crashes affecting confidentiality, integrity, and availability.

Advisories and discussions appear in the GNU inetutils bug mailing list (https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html), OSS-Security announcements (https://www.openwall.com/lists/oss-security/2026/03/12/4 and http://www.openwall.com/lists/oss-security/2026/03/14/1), and a GitHub repository with related analysis (https://github.com/watchtowrlabs/watchtowr-vs-telnetd-CVE-2026-32746). Security practitioners should review these for patch availability and mitigation guidance.

Details

CWE(s): CWE-120

Affected Products

gnu

inetutils

≤ 2.7

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Out-of-bounds write in publicly reachable telnetd daemon enables unauthenticated remote code execution, directly matching initial access via exploitation of a public-facing network service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
Exploit, Vendor Advisory · cve@mitre.org
https://www.openwall.com/lists/oss-security/2026/03/12/4
Mailing List, Third Party Advisory · cve@mitre.org
http://www.openwall.com/lists/oss-security/2026/03/14/1
Mailing List, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108
https://github.com/watchtowrlabs/watchtowr-vs-telnetd-CVE-2026-32746
Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0