CVE-2026-32746 is a BSS-based buffer overflow in the LINEMODE SLC negotiation handler of GNU inetutils telnetd, introduced in 1994 and present in virtually every major OS including Linux distros, FreeBSD, NetBSD, macOS, Citrix NetScaler, and TrueNAS. The vulnerability allows an attacker to corrupt ~400 bytes of adjacent BSS memory pre-authentication. Exploitation is constrained by triplet byte restrictions, 0xFF doubling behavior, and compiler-dependent memory layouts. On 32-bit Debian, an arbitrary free primitive and heap pointer leak were demonstrated, but full RCE was not achieved. A detection tool is provided. As of publication, inetutils has not released a fixed version — only a patched git commit exists.
Table of contents
What Are We Looking At Here?What Is CVE-2026-32746?It’s 2026, Why Telnet? Where Is The MCP?A Vulnerability In Telnet?! Isn't Telnet Just, Like, The Same As Netcat?Tense NegotiationsOn To ExploitationWhat We TriedDebian - 32bit EditionDetection ApproachesConclusionGain early access to our research, and understand your exposure, with the watchTowr PlatformSort: