- 64/2026
- Critical
GNU InetUtils has addressed a critical vulnerability affecting all versions of the Telnet service implementation through 2.7.
The addressed vulnerability could allow the remote attackers to perform out-ofbounds writes on systems running vulnerable versions of GNU inetutils telnetd, potentially leading to arbitrary code execution, full system compromise, or denial of service.
GNU Inetutils Remote Pre-Auth Buffer Overflow telnetd Vulnerability (CVE-2026- 32746):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
It should be highlighted that security researchers disclosed a proof-of-concept (PoC) exploit that exists in the wild for the vulnerability “CVE-2026-32746”.
Vulnerabilities
CVE-2026-32746
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed, which is expected to be available no later than April 1, 2026.