A critical vulnerability has been discovered in GNU InetUtils (telnetd), tracked as CVE-2026-32746, which breaks the standard attack model. Typically, an attacker would need to provide valid credentials or perform a brute-force attack—but this flaw bypasses those requirements entirely.

An attacker only needs to connect to port 23 and send a specially crafted packet during the initial option negotiation, prior to the login prompt. The vulnerability exists in the handling of the LINEMODE suboption, where improper input validation leads to a buffer overflow.

📎 Article: https://pwn.guide/free/other/cve-2026-32746

💬 Discuss

Critical Telnet Vulnerability: Code Execution Without Authentication