A critical vulnerability in GNU InetUtils telnetd (CVE-2026-32746, CVSS 9.8) allows unauthenticated remote attackers to execute arbitrary code with root privileges. All versions through 2.7 are affected. The primary concern is the widespread use of telnetd in industrial control systems (ICS) and operational technology (OT) environments.

The Technical Details

The flaw exists in the telnet daemon's handling of certain protocol sequences. An unauthenticated remote attacker can send specially crafted input to the telnetd service to trigger a memory corruption condition, ultimately achieving code execution with the privileges of the daemon process, which typically runs as root.

Why ICS/OT Is the Primary Target

While most modern IT environments have deprecated telnet in favor of SSH, industrial control systems and OT environments tell a different story. Legacy PLCs, SCADA systems, embedded devices, and network equipment still rely on telnet for management access. Many of these systems cannot be easily upgraded and often run in flat networks without segmentation.

Impact Assessment

  • Root-level RCE: Full system compromise with no authentication required
  • Legacy exposure: ICS/OT environments with telnet-dependent devices are the highest-risk targets
  • No patch available: At time of disclosure, no official patch has been released for GNU InetUtils
  • Network pivoting: Compromised telnet-accessible devices can serve as pivot points into isolated OT networks

Mitigation Steps

  • Disable telnetd wherever possible and migrate to SSH.
  • For systems where telnet cannot be disabled, enforce strict network segmentation and ACLs.
  • Deploy network-level monitoring for anomalous telnet traffic patterns.
  • Conduct an inventory of all telnet-accessible assets, especially in OT/ICS environments.
  • Monitor for vendor-specific patches from ICS equipment manufacturers.