A critical 32-year-old vulnerability in GNU inetutils telnetd allows unauthenticated remote code execution, leaving nearly 800,000 telnet servers exposed to active attacks. Botnets like RustDuck are actively exploiting the flaw alongside trivial authentication bypasses, turning forgotten telnet infrastructure into a major attack surface.
·CVE-2026-32746 in GNU inetutils telnetd enables pre-authentication remote code execution on vulnerable servers
·Approximately 800,000 telnet servers worldwide are currently at risk from active exploitation
·RustDuck botnet actively leveraging telnet flaws alongside SSH, Android ADB, and other protocol vulnerabilities
·Telnet authentication bypass vulnerabilities allow complete device takeover without credentials
·Legacy telnet infrastructure remains unpatched and widely exposed despite decades of security warnings
drawn from watchTowr Labs, Dark Reading, Adafruit, TradingView · updated 2d ago