
CVE Reports

Originally published at cvereports.com

CVE-2026-32746: Pre-Authentication Remote Code Execution via BSS Overflow in GNU Inetutils telnetd


Vulnerability ID: CVE-2026-32746
CVSS Score: 9.8
Published: 2026-03-13

A 32-year-old pre-authentication buffer overflow vulnerability exists in the GNU Inetutils telnetd daemon. The flaw resides in the LINEMODE SLC suboption handler, allowing remote attackers to achieve arbitrary code execution as the root user by overflowing a fixed-size BSS buffer during the initial Telnet handshake.

TL;DR

Unauthenticated remote code execution as root affects GNU Inetutils telnetd up to version 2.7 due to a missing bounds check in the slc.c module.


⚠️ Exploit Status: WEAPONIZED

Technical Details

  • CWE ID: CWE-120 (Buffer Copy without Checking Size of Input)
  • Attack Vector: Network
  • CVSS Base Score: 9.8 (Critical)
  • EPSS Score: 0.00027
  • Impact: Pre-authentication Remote Code Execution
  • Exploit Status: Weaponized Proof-of-Concept
  • CISA KEV Status: Not Listed

Affected Systems

  • GNU Inetutils <= 2.7
  • Debian Linux (Bookworm i386)
  • Ubuntu Linux
  • openSUSE
  • FreeBSD (13.x, 15.x ports)
  • NetBSD (10.1)
  • DragonFlyBSD
  • Citrix NetScaler
  • Haiku
  • TrueNAS Core
  • macOS Tahoe
  • GNU Inetutils: <= 2.7 (Fixed in: TBD)

Exploit Details

  • GitHub (watchTowr): Detection script to verify vulnerability via minimal overflow.
  • GitHub (jeffaf): Proof of Concept demonstrating BSS data leak and memory corruption.

Mitigation Strategies

  • Disable the telnetd service entirely and migrate to SSH.
  • Restrict network access to port 23 (Telnet) using firewalls and strict ACLs.
  • Deploy Intrusion Detection System (IDS) rules to detect excessively long Telnet SLC subnegotiation sequences.
  • Apply the official GNU Inetutils update containing the bounds check patch.
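The check behind the IDS bullet above, as an added example (not code from the original report or from the GNU Inetutils project): it walks a captured client-to-server Telnet byte stream, extracts each LINEMODE SLC suboption, and flags those carrying more triplets than a threshold. The threshold of 30, the function names and the sample bytes are assumptions constructed for illustration.

```python
IAC, SB, SE = 255, 250, 240   # Telnet command bytes (RFC 854)
LINEMODE, LM_SLC = 34, 3      # option / suboption codes (RFC 1184)
MAX_TRIPLETS = 30             # assumed alert threshold, tune per environment


def slc_suboptions(stream: bytes):
    """Yield (offset, payload) for every IAC SB LINEMODE LM_SLC ... block."""
    i, n = 0, len(stream)
    while i + 1 < n:
        if stream[i] != IAC:
            i += 1
            continue
        cmd = stream[i + 1]
        if cmd != SB:
            # WILL/WONT/DO/DONT carry one option byte; other commands none.
            i += 3 if 251 <= cmd <= 254 else 2
            continue
        start, i, body = i, i + 2, bytearray()
        while i < n:
            if stream[i] == IAC and i + 1 < n and stream[i + 1] == SE:
                i += 2
                break
            if stream[i] == IAC and i + 1 < n and stream[i + 1] == IAC:
                i += 1  # IAC IAC encodes a single literal 0xFF data byte
            body.append(stream[i])
            i += 1
        # A suboption cut off by the end of the capture is still reported.
        if bytes(body[:2]) == bytes([LINEMODE, LM_SLC]):
            yield start, bytes(body[2:])


def find_oversized_slc(stream: bytes, max_triplets: int = MAX_TRIPLETS):
    """Return one alert per SLC suboption with more than max_triplets triplets."""
    alerts = []
    for offset, payload in slc_suboptions(stream):
        triplets = len(payload) // 3  # each SLC entry is (function, flags, value)
        if triplets > max_triplets:
            alerts.append({"offset": offset, "triplets": triplets})
    return alerts


def make_slc(count: int) -> bytes:
    """Constructed sample: an SLC suboption holding `count` identical triplets."""
    return bytes([IAC, SB, LINEMODE, LM_SLC]) + bytes([3, 2, 3]) * count + bytes([IAC, SE])


# Constructed capture: WILL LINEMODE, a 2-triplet SLC, text, a 6-triplet SLC.
SAMPLE = bytes([IAC, 251, LINEMODE]) + make_slc(2) + b"login\r\n" + make_slc(6)
```

Feed `find_oversized_slc` the reassembled client-to-server payload of a port 23 session; each alert gives the byte offset of the suboption and its triplet count.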

Remediation Steps:

  1. Audit network infrastructure and identify all systems running the telnetd service.
  2. Disable the telnetd service on systems where it is not strictly required for business operations.
  3. For systems requiring Telnet, apply network segmentation to isolate the service from untrusted networks.
  4. Download and compile the patched GNU Inetutils version upon official release.
  5. Deploy the updated telnetd binaries to affected systems and restart the service.
  6. Execute safe detection scripts against internal assets to confirm vulnerability remediation.


Read the full report for CVE-2026-32746 on our website for more details including interactive diagrams and full exploit analysis.