CVE-2026-32746NVD

Vulnerability Summary

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Severity Level

CRITICAL(9.8)

Published Date

Mar 13, 2026

Last Modified

May 5, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

CWE-120: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

EPSS Score (30-Day)

5.30%Probability

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
https://www.openwall.com/lists/oss-security/2026/03/12/4
http://www.openwall.com/lists/oss-security/2026/03/14/1
https://github.com/watchtowrlabs/watchtowr-vs-telnetd-CVE-2026-32746