Telnet in 2026: a ghost that still kills
On March 11, 2026, Israeli company Dream Security disclosed a critical flaw in the GNU InetUtils telnet daemon. CVE-2026-32746 (CVSS 9.8) allows arbitrary code execution with root privileges via port 23, without any authentication.
Technical details
All GNU InetUtils telnetd versions through 2.7 are affected. The flaw exploits a memory management issue in telnet connection handling.
3,362 exposed hosts
An Internet scan revealed 3,362 hosts with the vulnerable daemon directly accessible. The real number is much higher as many systems use telnet on internal networks.
Why it’s critical for OT/ICS
Telnet is officially obsolete but remains widely used in OT and ICS: industrial PLCs (many only support Telnet), legacy network equipment, SCADA interfaces, and medical devices. These environments are often the most critical (energy, water, healthcare) and least updated.
Remediation
- Disable Telnet everywhere SSH is available
- If Telnet is required: isolate on a dedicated VLAN, block port 23 from Internet, restrict to management IPs only
- Update GNU InetUtils when patched version is available
- Audit your network: search for active Telnet services
- Monitor: alert on any unusual Telnet connections
Recommended reading
These are affiliate links. If you make a purchase through these links, we may earn a commission at no extra cost to you.
- (ISC)2 CISSP Official Study Guide: covers infrastructure security and network segmentation.
- NordVPN: secure remote administration connections.
Sources
- Critical Telnetd Flaw CVE-2026-32746 - The Hacker News
- Dream Security Telnetd RCE - Industrial Cyber
Advertisement