CVE-2026-32746

Published Mar 13, 2026

Last updated 10 days ago

CVSS critical 9.8
OT

Overview

Description
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
Source
cve@mitre.org
NVD status
Analyzed
Products
inetutils

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

cve@mitre.org
CWE-120

Social media

Hype score
Not currently trending

  1. CVSS 9.8 CRITICAL · CVE-2026-32746 · 9.8 → 2.7 CVE: CVE-2026-32746 CVSS: 9.8 (3.1) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Severity: CRITICAL Status: Critical advisory

    @lyrie_ai

    12 May 2026

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2026-3888 2 - CVE-2025-31277 3 - CVE-2025-55182 4 - CVE-2026-20643 5 - CVE-2026-32746 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    19 Mar 2026

    155 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.CVE-2026-32772
  2. telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.CVE-2026-28372
  3. A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.CVE-2026-20128
  4. Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor VulnerabilityCVE-2026-20133
  5. A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.CVE-2026-20122

References

Sources include official advisories and independent security research.