CVE-2026-32746 is a pre-authentication stack-based buffer overflow (CVSS 9.8, CWE-787/CWE-121) in GNU Inetutils telnetd, exploitable before any credential exchange during the telnet negotiation phase and present across all versions of the software for approximately 32 years; no vendor patch exists as of this reporting date. The risk is especially acute in ICS and OT environments where telnet is commonly used for legacy device management, and where network segmentation from IT and internet-adjacent networks may be insufficient. Immediate compensating controls are required: disable telnetd wherever not operationally necessary, enforce strict network segmentation blocking port 23 from untrusted zones per NIST SP 800-82 guidance, and monitor NVD and CISA advisories weekly for patch availability.