Latest GNU Inetutils telnetd server vulnerability: CVE-2026-32746

Adiel Sol reported a GNU Inetutils telnetd buffer overflow vulnerability within its handling of the LINEMODE suboption SLC (Set Local Characters). This flaw occurs during option negotiation, before a login prompt is even presented. A remote, unauthenticated adversary can achieve pre-authentication remote code execution (RCE) by sending a specially crafted SLC suboption containing an excessive number of triplets. Because the telnetd service frequently runs with root privileges, exploitation can lead to a full system compromise. No CVE has been assigned to this vulnerability at this time (March 13, 2026).

Update: The vulnerability has been designated CVE-2026-32746 and has been rated critical with a CVSS score of 9.8.

The following versions are affected:

  • GNU Inetutils telnetd all versions up to and including 2.7

What is GNU Inetutils telnetd?

GNU Inetutils (inet-utils) is a collection of common network programs and servers, most frequently deployed on Linux-based systems. The GNU Inetutils telnetd daemon provides a server for the Telnet protocol. While Telnet is a legacy remote-access protocol that has been largely supplanted by SSH, it remains widely used in low-power and legacy environments.

What is the impact?

Successful exploitation of this vulnerability would allow an adversary to execute arbitrary code on the vulnerable host, potentially leading to complete system compromise.

Are updates or workarounds available?

A patched version of telnetd has not yet been released. It is strongly recommended to disable the telnetd service on all potentially vulnerable systems.
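
Where Telnet traffic to a host is captured, the SLC condition described above can be checked for in a reassembled client-to-server stream. The following Python is an added example, not runZero's or GNU Inetutils' code; the 18-triplet threshold is an assumption based on the 18 SLC functions defined in RFC 1184 (it is not the size of telnetd's buffer), and the sample streams are constructed.

```python
# Added example: flag Telnet LINEMODE SLC suboptions with too many triplets.
IAC, SB, SE = 255, 250, 240   # Telnet command bytes (RFC 854)
OPT_LINEMODE = 34             # LINEMODE option number (RFC 1184)
LM_SLC = 3                    # LINEMODE suboption: Set Local Characters
MAX_TRIPLETS = 18             # assumption: RFC 1184 defines 18 SLC functions


def subnegotiations(stream: bytes):
    """Yield (option, payload) for each IAC SB block, with IAC IAC unescaped."""
    i, n = 0, len(stream)
    while i + 2 < n:
        if stream[i] != IAC:
            i += 1
        elif 251 <= stream[i + 1] <= 254:    # WILL/WONT/DO/DONT carry an option byte
            i += 3
        elif stream[i + 1] != SB:            # IAC IAC or another two-byte command
            i += 2
        else:
            option, payload, j = stream[i + 2], bytearray(), i + 3
            while j < n:
                if stream[j] == IAC and j + 1 < n:
                    if stream[j + 1] == SE:   # end of subnegotiation
                        break
                    if stream[j + 1] == IAC:  # escaped literal 0xFF data byte
                        payload.append(IAC)
                    j += 2
                else:
                    payload.append(stream[j])
                    j += 1
            yield option, bytes(payload)      # also yielded if the capture is cut short
            i = j + 2


def slc_findings(stream: bytes, max_triplets: int = MAX_TRIPLETS):
    """Return one finding per LINEMODE SLC suboption in a client-to-server stream."""
    findings = []
    for option, payload in subnegotiations(stream):
        if option != OPT_LINEMODE or payload[:1] != bytes([LM_SLC]):
            continue
        triplets, leftover = divmod(len(payload) - 1, 3)
        findings.append({"triplets": triplets,
                         "malformed": leftover != 0,
                         "suspicious": triplets > max_triplets})
    return findings


# Constructed sample streams (not captured traffic).
PREFIX = bytes([IAC, 251, OPT_LINEMODE, IAC, SB, OPT_LINEMODE, LM_SLC])
NORMAL = PREFIX + bytes([3, 2, 3, 8, 2, 4, 1, 0, IAC, IAC, IAC, SE])
OVERSIZED = PREFIX + bytes([10, 2, 127]) * 20 + bytes([IAC, SE])
```

Because negotiation happens before the login prompt, the check has to cover the first bytes of each connection, and `max_triplets` should be tuned against what legitimate clients on the network actually send.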

How to find potentially vulnerable systems with runZero

From the Service Inventory, use the following query to locate systems running potentially vulnerable software:

_asset.protocol:=telnet AND protocol:=telnet AND os:Linux AND banner:="%login:"
  AND NOT (type:device OR type:"ip camera" OR type:"ip phone" OR banner:busybox)

This query is focused on Linux devices utilizing GNU telnetd. However, please note that results may include other Linux-hosted Telnet services that are not necessarily vulnerable to this specific flaw.


January 2026: CVE-2026-24061

Simon Josefsson has reported a vulnerability in the GNU inet-utils telnetd server. GNU inet-utils (InetUtils) is a collection of Internet-related servers and utilities. It is most commonly deployed on Linux systems.

GNU telnetd contains an authentication bypass vulnerability in its handling of user-supplied environment variables. A specially crafted $USER environment variable can bypass authentication and allow a remote, unauthenticated attacker to access a vulnerable system with the privileges of any known user, including root.

This vulnerability has been assigned CVE-2026-24061 and has a CVSS score of 9.8 (extremely critical).

The following versions are affected:

  • GNU inet-utils telnetd versions 1.9.3 and higher

What is telnetd?

GNU inet-utils telnetd provides a server for the standard Telnet protocol. Telnet is a legacy remote-access protocol that has been largely supplanted by SSH and other, more secure, protocols. However, Telnet is still widely used in low-power or legacy devices.

What is the impact?

Successful exploitation of this vulnerability would allow an adversary to bypass authentication on a vulnerable host.

Are updates or workarounds available?

There is currently no patched version available. Users are advised to disable telnet access if possible, and to ensure proper network access controls are in place.

How to find potentially vulnerable systems with runZero

From the Asset inventory, use the following query to locate potentially vulnerable assets:

_asset.protocol:=telnet AND protocol:=telnet AND os:Linux AND banner:="%login:" AND NOT banner:busybox

Note that this query will locate many Telnet services running on Linux hosts; GNU inet-utils telnetd is one of the most common Telnet servers deployed on Linux systems, but this query may discover other Telnet servers as well.

Written by Rob King

Rob King is the Director of Applied Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine's Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, Shmoocon, SANS Network Security, and USENIX.

Written by Matthew Kienow

Matthew Kienow is a software engineer and security researcher. Matthew previously worked on the Recog recognition framework, AttackerKB as well as Metasploit's MSF 5 APIs. He has also designed, built, and successfully deployed many secure software solutions; however, often he enjoys breaking them instead. He has presented his research at various security conferences including DerbyCon, Hack In Paris, and CarolinaCon. His research has been cited by CSO, Threatpost and SC Magazine.