Israeli company Dream discovered a critical vulnerability in GNU InetUtils telnetd with a CVSS score of 9.8, which allows remote attackers to execute arbitrary code with root privileges without authentication. Vulnerability CVE-2026-32746 affects all versions of Telnet up to and including 2.7.

The vulnerability is a buffer overflow in the LINEMODE Set Local Characters (SLC) handler and can be exploited during the initial handshake of the connection, even before the login prompt appears. A fix is expected by April 1, 2026. This is the second critical vulnerability in telnetd in two months, with the previous CVE-2026-24061 already actively exploited in the wild.

Technical Details of the Telnetd Vulnerability

Vulnerability CVE-2026-32746 is classified as an out-of-bounds write in the LINEMODE Set Local Characters (SLC) suboption handler, leading to a buffer overflow and the potential for remote code execution. According to security researcher Adiel Sol from Dream, an unauthenticated attacker can trigger the vulnerability by connecting to port 23 and sending a specially crafted SLC suboption with a multitude of triplets. Critically, exploitation is possible before the login prompt appears, meaning that standard authentication mechanisms do not provide protection. A CVSS score of 9.8 out of 10.0 indicates the maximum level of criticality. Successful exploitation can lead to complete system compromise if telnetd is running with root privileges, opening opportunities for deploying persistent backdoors, data theft, and lateral movement through compromised hosts as a foothold for further attacks.

Impact Scope and Mitigation Recommendations

The vulnerability affects all versions of GNU InetUtils telnetd through version 2.7. Dream discovered and reported the vulnerability on March 11, 2026, with a fix expected by April 1, 2026. In the absence of a patch, it is recommended to disable the service if it is not required, run telnetd without root privileges where possible, block port 23 at the network perimeter and host firewall to limit access, and isolate Telnet access. For organizations that rely on Telnet for critical operations, immediate risk assessment and implementation of interim defenses are necessary. This is especially important for infrastructure that may be accessible from the internet or untrusted networks.

Context: Second Critical Vulnerability in Two Months

The disclosure of CVE-2026-32746 comes nearly two months after the disclosure of another critical vulnerability in GNU InetUtils telnetd (CVE-2026-24061, CVSS score 9.8), which could be used to gain root access to the target system. The previous vulnerability is already actively exploited in the wild, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). This indicates serious security issues in the telnetd code and underscores the need for urgent updates. The fact that two critical vulnerabilities have been discovered within two months suggests that there may be additional unknown security issues in this component.

Telnet in Modern Infrastructure and Security Risks

Despite being considered an obsolete protocol, Telnet is still used in some organizations, particularly in legacy systems and network equipment. Using Telnet instead of the more secure SSH poses significant security risks. Vulnerability CVE-2026-32746 demonstrates that even older protocols can contain serious security issues that can be exploited for complete system compromise. Organizations should inventory their infrastructure to identify all instances of telnetd and prioritize their replacement with more secure alternatives such as SSH. For systems that cannot be immediately updated or replaced, multi-layered defenses including network isolation and monitoring should be implemented.

Recommendations for IT Professionals and Operations Teams

Operations teams should immediately take the following steps: scan the network to identify all systems running telnetd, assess the criticality of these systems, apply interim defenses (port blocking, network isolation), prepare to deploy the patch after its release on April 1, 2026, and consider a long-term solution to replace Telnet with SSH. Managed IT service providers, such as Alashed IT (it.alashed.kz), can assist organizations in assessing vulnerabilities, implementing interim defenses, and planning migration to more secure protocols. Monitoring network traffic on port 23 and analyzing connection attempts can help detect potential attacks early.

Что это значит для Казахстана

For organizations in Kazakhstan and Central Asia, this vulnerability poses a significant risk, especially for companies that use legacy infrastructure or have systems developed during the widespread use of Telnet. Many organizations in the region still rely on old network and server management systems that may use Telnet for remote administration. The criticality of the vulnerability (CVSS 9.8) means that even a single compromised system can lead to complete loss of control over the infrastructure. Kazakhstani companies, particularly in the telecommunications, energy, and financial sectors, should immediately audit their systems. Cybersecurity experts in the region recommend that organizations seek managed service providers for vulnerability assessments and implementation of protective measures. Given the growing cyber threat activity in the region, timely addressing such critical vulnerabilities is a priority for ensuring the security of critical infrastructure.

Vulnerability CVE-2026-32746 has a CVSS score of 9.8 and allows remote attackers to execute arbitrary code with root privileges without authentication, affecting all versions of GNU InetUtils telnetd up to 2.7.

Vulnerability CVE-2026-32746 in telnetd poses a critical threat to organizations using this protocol. Immediate implementation of interim defenses and preparation to deploy the patch after April 1, 2026, are mandatory. Organizations should consider a long-term strategy to replace Telnet with more secure alternatives such as SSH to avoid similar issues in the future.

Часто задаваемые вопросы

What is CVE-2026-32746 and why is it critical?

CVE-2026-32746 is a critical vulnerability in GNU InetUtils telnetd with a CVSS score of 9.8, which allows remote attackers to execute arbitrary code with root privileges without authentication. The vulnerability is a buffer overflow in the LINEMODE Set Local Characters (SLC) handler and can be exploited during the initial handshake of the connection, even before the login prompt appears.

Which versions of Telnet are affected by vulnerability CVE-2026-32746?

The vulnerability affects all versions of GNU InetUtils telnetd through version 2.7. Dream discovered and reported the vulnerability on March 11, 2026. A fix is expected by April 1, 2026.

How to protect the system from CVE-2026-32746 exploitation?

It is recommended to disable telnetd if it is not required, run it without root privileges where possible, block port 23 at the network perimeter and host firewall, and isolate Telnet access. Organizations should also inventory their systems and prepare to deploy the patch after its release.

Is this the second critical vulnerability in Telnet in a short period?

Yes, the disclosure of CVE-2026-32746 comes nearly two months after the disclosure of CVE-2026-24061, also a critical vulnerability in telnetd with a CVSS score of 9.8. The previous vulnerability is already actively exploited in the wild, according to CISA.

Why is Telnet still used if it is insecure?

Telnet is still used in some organizations, particularly in legacy systems and network equipment, where replacing it with SSH may be challenging or costly. However, organizations should prioritize migrating to more secure alternatives such as SSH to avoid similar security issues.

Читайте также

Источники

Источник фото: thehackernews.com