Ancient Telnet Hole Sparks Modern Worry: CVE-2026-32746 Pre-Auth RCE in Telnetd

Researchers analyze CVE-2026-32746, a pre-auth RCE in GNU inetutils Telnetd via a LINEMODE SLC buffer overflow. The issue stems from overflowing a small slcbuf when processing SLC triplets during LINEMODE negotiation, with exploitation heavily dependent on OS and architecture (64-bit vs 32-bit); while a reliable full RCE wasn't achieved across tested targets, a heap leak and an arbitrary-free primitive were demonstrated, potentially enabling code execution under favorable libc conditions. The vulnerability affects inetutils Telnetd and many forks across major distros (Ubuntu, Debian, FreeBSD, NetBSD, macOS, etc.), and patches have not been widely released at publication time. Detection strategies include probing for LINEMODE support and non-invasive overflow checks; watchTowr provides a detection artifact generator. Patch urgently, but note there is no universal fixed version yet; users should build from fixed commits or apply vendor mitigations.