Critical GNU inetutils Telnet RCE Allows Root Access
⚠️ Security researchers at Dream Security disclosed a critical buffer overflow in GNU inetutils telnetd (CVE-2026-32746) that enables unauthenticated remote code execution as root during Telnet negotiation. The flaw originates in the SLC handler which writes into a fixed 108‑byte buffer without bounds checking, producing an arbitrary write. Dream notified maintainers on March 11 and a patch was prepared the next day; administrators should disable telnetd, restrict or block TCP/23, or migrate to SSH until updates are applied.
