PT-2026-25339 · Gnu · Inetutils+1

Adiel Sol +6 · Published 2026-01-01 · Updated 2026-05-12 · CVE-2026-32746

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

GNU inetutils telnetd versions prior to 2.8
Description

A buffer overflow exists in the LINEMODE SLC (Set Local Characters) suboption handler of the telnetd daemon. The add_slc() function does not check whether the buffer is full before copying data, which leads to an out-of-bounds write. An unauthenticated remote attacker can exploit this by sending a specially crafted packet during the initial connection handshake via port 23, potentially achieving remote code execution with root privileges. Approximately 50,000 internet-exposed assets have been identified as potentially affected.

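The kind of check the description says is missing, shown as an added, simplified model; it is not the inetutils source. The buffer size, struct and function names are assumptions, and the model reserves worst-case space (three bytes, each possibly doubled because telnet escapes IAC, 0xff) before every append.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IAC 0xff          /* telnet escape byte, doubled inside a suboption */
#define SLC_BUF_SIZE 64   /* assumed size for this model */

struct slc_reply {
    unsigned char buf[SLC_BUF_SIZE];
    size_t len;
    unsigned dropped;     /* triplets refused because the buffer was full */
};

/* Append one byte, doubling IAC. The caller has already reserved space. */
static void put_escaped(struct slc_reply *r, unsigned char b)
{
    r->buf[r->len++] = b;
    if (b == IAC)
        r->buf[r->len++] = IAC;
}

/* Bounded append of one (function, flag, value) triplet.
 * Worst case is 6 bytes. Returns 0 on success, -1 if refused. */
int slc_add_checked(struct slc_reply *r, unsigned char func,
                    unsigned char flag, unsigned char val)
{
    if (SLC_BUF_SIZE - r->len < 6) {   /* the check an unchecked append lacks */
        r->dropped++;
        return -1;
    }
    put_escaped(r, func);
    put_escaped(r, flag);
    put_escaped(r, val);
    return 0;
}

/* Feed n peer-supplied triplets; return how many were stored. */
size_t slc_feed(struct slc_reply *r, const unsigned char *t, size_t n)
{
    size_t stored = 0;
    memset(r, 0, sizeof *r);
    for (size_t i = 0; i < n; i++)
        if (slc_add_checked(r, t[3 * i], t[3 * i + 1], t[3 * i + 2]) == 0)
            stored++;
    return stored;
}

int main(void)
{
    struct slc_reply r;
    unsigned char flood[120];          /* constructed input: 40 triplets */
    memset(flood, IAC, sizeof flood);
    size_t stored = slc_feed(&r, flood, 40);
    printf("stored=%zu dropped=%u len=%zu\n", stored, r.dropped, r.len);
    return 0;
}
```

The `dropped` counter gives a daemon something to log when a peer sends more triplets than the reply buffer can hold.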
Recommendations

Disable the telnetd service immediately and replace it with SSH. Block all external access to TCP port 23 at the network perimeter and host-based firewalls.

Exploit

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-03114
CVE-2026-32746
OPENSUSE-SU-2026:10657-1
OPENSUSE-SU-2026:20374-1
SUSE-SU-2026:0930-1
TELNETDCVE_2026_32746

Affected Products

Inetutils
Telnet