A 32-year-old pre-authentication remote code execution vulnerability (CVE-2026-32746) has been discovered in GNU inetutils telnetd, affecting most Linux distributions. The BSS-based buffer overflow in the LINEMODE SLC negotiation handler allows attackers to corrupt adjacent variables without authentication. Despite Telnet's declining usage in favor of SSH, the vulnerability's widespread codebase inheritance makes the impact potentially significant.
Background
Telnet is an older network protocol for remote command-line access that transmits data in plaintext, largely superseded by SSH for security reasons. GNU inetutils is a common implementation of internet utilities including telnetd, the Telnet server daemon.
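A defender-side check for the LINEMODE SLC negotiation named in the summary, added here as an example and not code from GNU inetutils or the advisory. It validates SLC suboptions in a captured Telnet byte stream against the RFC 1184 structure. The `MAX_SLC_FUNC` limit, the function names and the sample streams are assumptions made for illustration, and the check is a protocol sanity test, not a signature for CVE-2026-32746.

```python
IAC, SB, SE = 255, 250, 240      # Telnet command bytes (RFC 854)
LINEMODE, LM_SLC = 34, 3         # option and suboption codes (RFC 1184)
MAX_SLC_FUNC = 30                # assumption: highest SLC function code in RFC 1184

def slc_subnegotiations(stream: bytes) -> list[bytes]:
    """Return the unescaped triplet bytes of every complete LINEMODE SLC suboption."""
    out, i, n = [], 0, len(stream)
    while i + 1 < n:
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] != SB:
            i += 2                               # IAC IAC or another command
        else:
            body, j = bytearray(), i + 2
            while j + 1 < n and (stream[j], stream[j + 1]) != (IAC, SE):
                if (stream[j], stream[j + 1]) == (IAC, IAC):
                    j += 1                       # doubled IAC is one literal 0xFF
                body.append(stream[j])
                j += 1
            if j + 1 < n and bytes(body[:2]) == bytes([LINEMODE, LM_SLC]):
                out.append(bytes(body[2:]))
            i = j + 2                            # continue after IAC SE
    return out

def check_slc(payload: bytes) -> list[str]:
    """Compare one SLC payload with the (function, modifier, char) triplet layout."""
    findings = []
    if len(payload) % 3:
        findings.append("length is not a multiple of 3")
    funcs = [payload[k] for k in range(0, len(payload) - len(payload) % 3, 3)]
    if len(funcs) > MAX_SLC_FUNC:
        findings.append(f"{len(funcs)} triplets, more than {MAX_SLC_FUNC} defined functions")
    unknown = sorted({f for f in funcs if f > MAX_SLC_FUNC})
    if unknown:
        findings.append(f"undefined function codes: {unknown}")
    return findings

def scan(stream: bytes) -> list[list[str]]:
    """Findings for each SLC suboption in the stream; an empty list means well-formed."""
    return [check_slc(p) for p in slc_subnegotiations(stream)]

# Constructed sample streams (not captured traffic).
NORMAL = bytes([IAC, 251, LINEMODE, IAC, SB, LINEMODE, LM_SLC,
                3, 2, 3, 10, 2, 255, 255, IAC, SE])
ODD = bytes([IAC, SB, LINEMODE, LM_SLC]) + bytes([200, 2, 0]) * 40 + bytes([IAC, SE])

if __name__ == "__main__":
    for name, s in (("NORMAL", NORMAL), ("ODD", ODD)):
        print(name, scan(s))
```
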
- Source: Lobsters
- Published: Mar 25, 2026 at 03:08 PM
- Score: 8.0 / 10