—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Remote Code Execution Vulnerability in telnetd

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Telnetd all versions through 2.7

Overview

A critical vulnerability has been reported in GNU InetUtils telnet daemon (telnetd), which could allow a remote attacker to execute remote code (RCE) with root privileges.

Target Audience:

Administrators and users of systems running affected versions of telnetd service.

Risk Assessment:

Very high risk of remote code execution, privilege escalation, and complete system compromise.

Impact Assessment:

Potential for full system takeover, unauthorized root access, sensitive information disclosure, lateral movement, and disruption of services.

Description

Telnetd is a server daemon included in GNU InetUtils that provides remote login capability using the Telnet protocol.

A critical vulnerability exist in the telnetd service that allows an unauthenticated remote attacker to execute remote code by sending specially crafted messages during the telnet protocol handshake. The flaw can be triggered before authentication by connecting to port 23 and exploiting improper handling of SLC option negotiation, leading to memory corruption.

Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with root privileges on the targeted vulnerable server.

Solution

Apply appropriate updates as mentioned by the vendor:

https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html

Vendor Information

Telnetd

https://www.gnu.org/software/inetutils/

References

 

https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html

CVE Name

CVE-2026-32746

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmm/fWkACgkQ3jCgcSdc

ys+bpw/+Kmh2UpHOc54kNphwHLKzUa/c+gwALh55qGjkNytZrfP417CEdXxteNwa

43pEhG0KhJqqZe7qlWuhLv38CBHxkJgt+MV00I/RZEwF+tdQls/Uq9/h9gHJiASW

LmQTCcYogy9T8LzfS7/pfxLvfRImnbLNbwQFuNTI6M6IewyTrLIH/jFZF/QM8EDs

Mb8sYWvsxaHMk8DYZB+9/Vds2Ifzli7wtBJGJLbqIC3cLbAYTZ9E3pkTbttPwSTC

Z/eyTnvEvV32skoUiekXVfpvImhHG1PWIa/5nY7mjRVURJ32FIiHyHIppuSuSs7s

USmuU23L39xKFUGGlNjy3KE09Oat1zZ7U1V5Q6KeL0A//8ERWv7oJQk0KdrHVN4J

O5FHmi0gtUQ8UTNVnW7vzS4EiPPn/frK4WdK0zQATo0WWxVgbJ/Y8QH1mz7lNQAa

Conya11cYZ20WXJsTrArFg0XE4UZ3v2uQgCBv7tDWwCdyJTRAgXqsvMCBXzEdyzj

+qCaMS9rvmhKkADKLgFv4/9sBIVhctTif2DxJC36v/fnbXg4u6zubY5jE/l0UHXn

sWTSyld3ayC3pmD2S+C4JlsLQu91QhpkbdaAwnNp9FLb8JMLc09WAWVmZNwhd2v1

EPqbOeC5I62BhU4309KbKvB+VJLrdBo5d/TyNULw2kcgKyTGlHU=

=S/LX

—–END PGP SIGNATURE—–