telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Description

A vulnerability has been discovered in Synology products that allows an attacker to execute arbitrary code remotely.

Vendor	Product	Versions
Synology	DSM	7.2.1.x prior to 7.2.1-69057-11, 7.2.2.x prior to 7.2.2-72806-8, 7.3.x prior to 7.3.2-86009-3, DSMUC 3.1 all versions

Tier E

Lobsters Security2d ago

→ No new info (linked only)

Tier B

CERT-FR4d ago

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-120, CWE-94

Published3/13/2026

Last enriched2h agov3

Trending Score43

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, patch, iocs, mitre_attack

0 upvotes0 downvotes

No votes yet

State: verified

Confidence: 100%

Last enriched 2h ago

v3Tier B2h ago

Updated description to include remote code execution risk, marked exploit as available, and added CVE-2026-32746.

descriptionexploitAvailableactivelyExploited

via CERT-FR

v2Tier B9h ago

Added vendor Synology, product DSM, affected versions, and updated severity to CRITICAL with new CWE-94.

vendorproductaffectedVersionscweIds

via CERT-FR

v110h ago

Initial creation