✧✦Catherine✦✧16h ago

Yes, the vulnerability is so old, it dates from a time when networks charged on a ‘per-packet basis’.

https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746)

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability. In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than you. To put the timespan

watchTowr Labs
Show threadVoidZeroOne   11h ago

@whitequark well telnet is obsolete since ssh was introduced in 1995 so 🤔

Also coming up with some hypotethical age old system that only runs telnet...
Well if you have to run such a thing in 2026 you better have it fully isolated to begin with otherwise you just ask for the maximum pain and suffering.

Show thread✧✦Catherine✦✧
@TheOneDoc there are in fsct such systems still, it's not a hypothetical (and your life probably relies on them in ways you don't know yet)
5:22pmWeb
Show threadVoidZeroOne   1h ago

@whitequark I highly doubt it as it is illegal to run such insecure setups for essential systems here in Germany.

I remember many a U-Boot* hunt in the late 90s to early 2000s to find those systems.
Haven't seen one in the wild in the last 15 years with the exception of a badly configured Cisco router in a hospital administration about a decade ago.

*Undocumented legacy systems

Show thread✧✦Catherine✦✧1h ago
@TheOneDoc i can't speak for germany but supply chains span worldwide and there's so much weird shit still around (and you've probably imported some of the products that rely on it)
Show threadVoidZeroOne   50m ago
@whitequark sounds like a problem for local legislation.
People who run such insecure systems clearly don't care and that's not a technical but a legal issue.