Critical severity9.8NVD Advisory· Published Mar 13, 2026· Updated May 5, 2026
CVE-2026-32746
CVE-2026-32746
Description
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- osv-coords4 versionspkg:rpm/opensuse/krb5-appl&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/krb5-appl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/krb5-appl&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 1.0.3-bp160.2.1+ 3 more
- (no CPE)range: < 1.0.3-bp160.2.1
- (no CPE)range: < 1.0.3-6.1
- (no CPE)range: < 1.0.3-3.12.1
- (no CPE)range: < 1.0.3-3.12.1
Patches
Vulnerability mechanics
References
3- lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.htmlnvdExploitVendor Advisory
- www.openwall.com/lists/oss-security/2026/03/14/1nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2026/03/12/4nvdMailing ListThird Party Advisory
News mentions
2- 23rd March – Threat Intelligence ReportCheck Point Research · Mar 23, 2026
- A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE)watchTowr Labs · Mar 19, 2026