Reports of My Death are Greatly Exaggerated: Addressing the Critical GNU Telnet Vulnerability (CVE-2026-32746)
Because that which is dead may never die, it turns out even the best of us are vulnerable to the risks present in ancient source code. CVE-2026-32746 is making the news rounds as the next “big thing” in broad-reaching security incidents since Log4j.
What is CVE-2026-32746?
At its core, it’s a buffer overflow vulnerability. According to Adiel Sol and the DREAM Security Research Team, “The telnetd server has a buffer overflow in the LINEMODE SLC (Set Local Characters) suboption handler. An unauthenticated attacker can trigger it by connecting to port 23 and sending a crafted SLC suboption with many triplets. No login is required; the bug is hit during option negotiation, before the login prompt. The overflow corrupts memory and can be turned into arbitrary writes. In practice this can lead to remote code execution. Because telnetd usually runs as root (e.g. under inetd or xinetd), a successful exploit would give the attacker full control of the system.”
Why is CVE-2026-32746 So Severe?
The severity of this vulnerability stems from three main factors:
- Pre-authentication exploitation: This happens before a user even sees a login prompt. No credentials, password, or special permissions are required to utilize the exploit.
- Root access: Because the Telnet often runs with root privileges, a successful exploit grants the attacker full administrative control of the system.
- Critical CVSS score: With a CVSS score of 9.8, it is ranked as one of the most dangerous types of remote code execution (RCE) vulnerabilities.
HCL BigFix Remediation Strategy
As of today, the industry is in a "wait and watch" period for official patches from various Linux and Unix vendors.
HCL BigFix is on alert for vendor patches and is prioritizing remediation for this vulnerability across all supported platforms, helping organizations strengthen their endpoint management and overall security posture. As vendors release official security updates to address the flaw, we will fast-track the deployment of these patches.
In the meantime, our primary recommendation remains: If you don’t need Telnet, disable it. Replacing Telnet with a secure alternative, such as SSH, is the only way to eliminate this attack surface fully.
Proactive Discovery: How to Find Your Exposure
You can't fix what you don't know exists. Because Telnet is often a "forgotten" service that is left running on old lab servers, ancient applications, or legacy Windows instances, finding it is the first step.
HCL BigFix users can proactively identify where this vulnerability might be lurking through its Checklist Content. By leveraging our DISA STIG and CIS Checklist content, you can see where Telnet is enabled in your environment and take the necessary steps to disable the service or restrict port access (23 by default) until a permanent patch is applied. The list of relevant Checks is as follows:
|
Fixlet ID |
Fixlet Name |
Friendly Site Name |
|
40304284 |
Ensure telnet daemon is not in use |
CIS Checklist for AIX 7.x |
|
214126968 |
Ensure telnet server services are not in use |
CIS Checklist for AlmaLinux OS 9 |
|
214127292 |
Ensure telnet client is not installed |
CIS Checklist for AlmaLinux OS 9 |
|
140693 |
Ensure telnet client is not installed |
CIS Checklist for Amazon Linux 2 |
|
140857 |
Ensure telnet server services are not in use |
CIS Checklist for Amazon Linux 2 |
|
214123770 |
Ensure telnet-server is not installed |
CIS Checklist for Amazon Linux 2023 |
|
214123997 |
Ensure telnet client is not installed |
CIS Checklist for Amazon Linux 2023 |
|
139961 |
Ensure telnet client is not installed |
CIS Checklist for CentOS Linux 8 |
|
140263 |
Ensure telnet client is not installed |
CIS Checklist for Debian Linux 10 |
|
214116727 |
Ensure telnet client is not installed |
CIS Checklist for Debian Linux 11 |
|
214121111 |
Ensure telnet client is not installed |
CIS Checklist for Debian Linux 12 |
|
135539 |
Ensure telnet client is not installed |
CIS Checklist for Debian Linux 9 |
|
116656 |
Ensure telnet server services are not in use |
CIS Checklist for Oracle Linux 7 |
|
116727 |
Ensure telnet client is not installed |
CIS Checklist for Oracle Linux 7 |
|
142485 |
Ensure telnet client is not installed |
CIS Checklist for Oracle Linux 8 |
|
214129373 |
Ensure telnet server services are not in use |
CIS Checklist for Oracle Linux 8 |
|
154228 |
Ensure telnet client is not installed |
CIS Checklist for Oracle Linux 9 |
|
154474 |
Ensure telnet server services are not in use |
CIS Checklist for Oracle Linux 9 |
|
214139754 |
Ensure telnet server services are not in use |
CIS Checklist for RHEL 10 |
|
214140058 |
Ensure telnet server services are not in use |
CIS Checklist for RHEL 10 |
|
126788 |
Ensure telnet client is not installed |
CIS Checklist for RHEL 7 |
|
142893 |
Ensure telnet server services are not in use |
CIS Checklist for RHEL 7 |
|
139235 |
Ensure telnet client is not installed |
CIS Checklist for RHEL 8 |
|
214120600 |
Ensure telnet server services are not in use |
CIS Checklist for RHEL 8 |
|
152094 |
Ensure telnet client is not installed |
CIS Checklist for RHEL 9 |
|
152220 |
Ensure telnet server services are not in use |
CIS Checklist for RHEL 9 |
|
214125897 |
RHEL 9 must not have telnet-server package installed |
CIS Checklist for RHEL 9 |
|
161151 |
Ensure telnet client is not installed |
CIS Checklist for Rocky Linux 8 |
|
214122772 |
Ensure telnet server services are not in use |
CIS Checklist for Rocky Linux 8 |
|
214114013 |
Ensure telnet server services are not in use |
CIS Checklist for Rocky Linux 9 |
|
214114077 |
Ensure telnet client is not installed |
CIS Checklist for Rocky Linux 9 |
|
14 |
Disable Telnet Service |
CIS Checklist for Solaris 11.4 |
|
59373904 |
Check that the Banner Setting for telnet is Null |
CIS Checklist for Solaris 11.4 |
|
165699614 |
Check for Remote Consoles |
CIS Checklist for Solaris 11.4 |
|
126351 |
Ensure telnet client is not installed |
CIS Checklist for SUSE 12 |
|
214118259 |
Ensure telnet-server is not installed |
CIS Checklist for SUSE 12 |
|
143182 |
Ensure telnet-server is not installed |
CIS Checklist for SUSE Linux Enterprise 15 |
|
143224 |
Ensure telnet client is not installed |
CIS Checklist for SUSE Linux Enterprise 15 |
|
214117563 |
Ensure telnet client is not installed |
CIS Checklist for Ubuntu 18.04 LTS Server |
|
214141904 |
Ensure telnet client is not installed |
CIS Checklist for Ubuntu 22.04 LTS Server |
|
214123617 |
Ensure telnet client is not installed |
CIS Checklist for Ubuntu 24.04 LTS Server |
|
144217 |
Ensure telnet client is not installed |
CIS Checklist for Ubuntu 20 |
|
754 |
AIX must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions. |
DISA STIG Checklist for AIX 7.x |
|
1514 |
AIX telnet daemon must not be running |
DISA STIG Checklist for AIX 7.x |
|
2734 |
AIX must disable /usr/bin/rcp,/usr/bin/rlogin,/usr/bin/rsh, /usr/bin/rexec and /usr/bin/telnet commands. |
DISA STIG Checklist for AIX 7.x |
|
214139412 |
Amazon Linux 2023 must not have the telnet-server package installed. |
DISA STIG Checklist for Amazon Linux 2023 |
|
143821 |
Ubuntu must not have telnet package installed |
DISA STIG Checklist for Canonical Ubuntu 18.04 LTS |
|
145736 |
Oracle Linux must not have telnet-server package installed |
DISA STIG Checklist for Oracle Linux 7 |
|
149317 |
OL 8 must not have telnet-server package installed |
DISA STIG Checklist for Oracle Linux 8 |
|
214134126 |
OL 9 must not have telnet-server package installed |
DISA STIG Checklist for Oracle Linux 9 |
|
145020 |
RHEL 8 must not have the telnet-server package installed. |
DISA STIG Checklist for RHEL 8 |
|
197396354 |
Access to a domain console via telnet must be restricted to the local host. |
DISA STIG Checklist for Solaris 11 |
|
214117673 |
SUSE must not have telnet-server package installed |
DISA STIG Checklist for SUSE 12 |
|
214120107 |
SUSE must not have telnet-server package installed |
DISA STIG Checklist for SUSE 15 |
|
154077 |
The Ubuntu operating system must not have the telnet package installed. |
DISA STIG Checklist for Ubuntu 20.04 LTS Server |
|
214124524 |
Ubuntu 22.04 LTS must not have the "telnet" package installed. |
DISA STIG Checklist for Ubuntu 22.04 LTS Server |
|
214125635 |
Ubuntu 24.04 LTS must not have the telnet package installed. |
DISA STIG Checklist for Ubuntu 24.04 LTS Server |
|
100272 |
The Telnet Client must not be installed on the system. |
DISA STIG Checklist for Windows 10 |
|
151707 |
The Telnet Client must not be installed on the system. |
DISA STIG Checklist for Windows 11 |
|
123522 |
The Telnet Client must not be installed. |
DISA STIG Checklist for Windows 2016 |
|
151104 |
Windows Server 2022 must not have the Telnet Client installed. |
DISA STIG Checklist for Windows 2022 |
|
141068 |
Windows Server 2019 must not have the Telnet Client installed. |
DISA STIG Checklist for Windows Server 2019 |
|
214122269 |
Windows Server must not have the Telnet Client installed. |
HIPAA Checklist for Windows Server |
|
214144226 |
Ensure telnet client is not installed |
NIS2 Checklist for RHEL |
|
214144227 |
Ensure telnet server services are not in use |
NIS2 Checklist for RHEL |
|
214141527 |
Ensure telnet client is not installed |
Universal Checklist for RHEL |
|
214141552 |
Ensure telnet server services are not in use |
Universal Checklist for RHEL |
|
214134858 |
Ensure Telnet client is not installed |
Universal Checklist for Windows Server |
|
214138438 |
Windows must not have Telnet Client installed |
Universal Checklist for Windows Workstation |
HCL BigFix will get updated content as soon as vendors begin releasing fixes for this vulnerability. Stay safe out there, and hopefully the next vulnerability isn’t in privilege escalation in punch cards for your existing UNIVACs.
Start a Conversation with Us
We’re here to help you find the right solutions and support you in achieving your business goals.
