Dream Security flags critical RCE vulnerability in GNU Inetutils telnetd, exposing ICS and OT systems

Dream Security Labs published a vulnerability advisory detailing a pre-authentication remote code execution flaw in the GNU Inetutils telnetd daemon. The critical vulnerability, CVE-2026-32746, is a buffer overflow in telnetd's LINEMODE SLC option negotiation handler. An unauthenticated remote attacker can exploit the flaw by sending a specially crafted message during the initial connection handshake, before any login prompt appears, potentially achieving remote code execution with root privileges.

The issue was reported to the GNU Inetutils security team following its discovery.

The advisory, identified as VULN-TELNETD-SLC-2025 and released on March 13, 2026, is…
