René Mayrhofer  🇺🇦13h ago
✧✦Catherine✦✧

Yes, the vulnerability is so old, it dates from a time when networks charged on a ‘per-packet basis’.

https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746)

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability. In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than you. To put the timespan

watchTowr Labs
5:58amWeb
Show threadSimon Zerafa (Status:   😊)14h ago

@whitequark

Fairly confident that @riskybusiness will find this one interesting 🙂

Show threadxyhhx 13h ago
@whitequark this is written so well lol
Show threadElizabeth  13h ago

@whitequark incorrect-ish

Per-packet charges largely disappeared by 1994 although some Internetworks still used them. But they were already very antiquated.

But the bigger gripe:

“That was so long ago that RISC was still a distant dream.”

incorrect. Late 80’s is when RISC CPUs started becoming a thing.

Show thread✧✦Catherine✦✧13h ago
@Elizafox i read it as 'far cry from today's world that is unequivocally dominated by RISC systems'
Show threadVoidZeroOne   10h ago

@whitequark well telnet is obsolete since ssh was introduced in 1995 so 🤔

Also coming up with some hypotethical age old system that only runs telnet...
Well if you have to run such a thing in 2026 you better have it fully isolated to begin with otherwise you just ask for the maximum pain and suffering.

Show thread✧✦Catherine✦✧3h ago
@TheOneDoc there are in fsct such systems still, it's not a hypothetical (and your life probably relies on them in ways you don't know yet)