CVE-2026-32746 is a CVSS 9.8 pre-authentication buffer overflow in GNU Inetutils telnetd, exploitable over TCP port 23 with no credentials required, posing the highest risk to ICS, OT, and embedded Linux environments where Telnet remains active and patching cycles are constrained. A second CVE, CVE-2026-24061, has been associated with an authentication bypass variant; the precise relationship between the two identifiers is unconfirmed and requires verification against NVD and the official GNU advisory. Organizations should immediately block TCP port 23 at perimeter and internal boundaries, inventory all embedded and OT assets running GNU Inetutils telnetd, and coordinate with OT asset owners on patch validation procedures before applying any changes to production control systems.