Security researchers have identified a critical vulnerability in the GNU InetUtils telnet daemon that allows remote, unauthenticated attackers to gain full administrative control over a system. By sending a malicious handshake message during the initial connection process, an attacker can trigger a memory corruption flaw to execute arbitrary code as the root user.
A severe security flaw has been identified in the telnet daemon component of GNU InetUtils, a widely used collection of common network programs. This vulnerability, which has received a nearly perfect severity rating, is particularly dangerous because it does not require any prior access to the target system. An attacker can exploit the weakness before a user even has the chance to enter a username or password, making it a high-priority threat for network administrators.
The technical root of the problem lies in how the service handles a specific feature known as the linemode suboption. When the daemon processes a specially crafted request to set local characters, it fails to properly validate the boundaries of the data being written. This leads to an out-of-bounds write error, more commonly known as a buffer overflow, which allows an attacker to overwrite system memory and redirect the flow of the program to run their own malicious instructions.
This discovery was made by the Israeli cybersecurity firm Dream, which reported the issue earlier this month. Their analysis confirmed that the flaw impacts all versions of the software up to version 2.7. Because the telnet protocol is an older standard that lacks modern security protections, many organizations have transitioned to more secure alternatives, yet this utility remains present in many legacy environments and embedded systems.
One of the most concerning aspects of this vulnerability is the lack of prerequisites for a successful attack. A single connection to the standard network port used for telnet is the only requirement for exploitation. There is no need for a valid set of credentials, any form of user interaction, or a specific position within the network, meaning any vulnerable system exposed to the internet is at significant risk of being completely compromised.
While a formal patch is being developed and is expected to be released by early April, security experts recommend immediate defensive measures. Administrators are urged to disable telnet services wherever possible and transition to encrypted protocols like SSH. For systems where telnet must remain active, implementing strict firewall rules to limit access to trusted IP addresses is considered a necessary temporary safeguard until the official fix can be applied.
Source: https://nvd.nist.gov/vuln/detail/CVE-2026-32746