CVE-2026-32746

Published Mar 13, 2026

Last updated 3 days ago

CVSS critical 9.8
OT

Overview

Description
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

cve@mitre.org
CWE-120

Social media

Hype score
Not currently trending

  1. Top 5 Trending CVEs: 1 - CVE-2026-3888 2 - CVE-2025-31277 3 - CVE-2025-55182 4 - CVE-2026-20643 5 - CVE-2026-32746 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    19 Mar 2026

    155 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Related CVEs

  1. The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.CVE-2026-24790
  2. The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.CVE-2026-1670
  3. A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.CVE-2026-2630
  4. An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configurationCVE-2025-70828
  5. OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contain a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such as 'os' and 'io' to untrusted portrayal catalogues. An attacker can provide a malicious S-100 portrayal catalogue containing Lua scripts that execute arbitrary commands with the privileges of the OpenS100 process when a user imports the catalogue and loads a chart.CVE-2026-22208

References

Sources include official advisories and independent security research.