Gnu-Inetutils

vulnerability 2026-04-02
CVE-2026-32746: 32-Year-Old GNU Telnetd Bug Gives Unauthenticated Attackers Root via Port 23
A CVSS 9.8 pre-authentication buffer overflow in GNU inetutils telnetd lets remote attackers get root before the login prompt. Patch is incomplete across major distros and a public PoC exists.
telnet rce buffer-overflow gnu-inetutils ics ot cve-2026-32746

CVE-2026-32746: 32-Year-Old GNU Telnetd Bug Gives Unauthenticated Attackers Root via Port 23