CVE-2026-32746

CWE-120Classic Buffer OverflowCWE-918Server-Side Request Forgery (SSRF)8 documents8 sources
Severity
9.8CRITICAL
EPSS
0.0%
top 92.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Inetutils
Timeline
PublishedMar 13
Latest updateMar 25

Description

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

Debianinetutils< 2:2.4-2+deb12u3+2
CVEListV5gnu/inetutils2.7

🔴Vulnerability Details

4
CVEList
CVE-2026-32746: telnetd in GNU inetutils through 22026-03-13
GHSA
GHSA-qvfm-56cp-4988: telnetd in GNU inetutils through 22026-03-13
OSV
CVE-2026-32746: telnetd in GNU inetutils through 22026-03-13
GHSA
vLLM has SSRF Protection Bypass2026-03-09

🔍Detection Rules

1
Suricata
ET EXPLOIT Telnet SLC Option Data Buffer Overflow Attempt (CVE-2026-32746)2026-03-25

📋Vendor Advisories

1
Debian
CVE-2026-32746: inetutils - telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-32746 Impact, Exploitability, and Mitigation Steps | Wiz