CVE-2026-32746 (CVSS 9.8) is a pre-authentication stack-based buffer overflow in the linemode SLC handler of GNU Inetutils telnetd, enabling unauthenticated RCE via a crafted Telnet negotiation sequence on TCP/23. ICS and OT environments face elevated risk due to widespread legacy Telnet usage in industrial control components where patching cycles are slow and compensating controls are limited. Not yet on CISA KEV; EPSS is low (0.029%, 8th percentile) as of analysis date, but technical details from Dream Security and watchTowr Labs are now public and exploitation risk is expected to increase. Organizations should block TCP/23 at perimeter and internal firewalls immediately, inventory all systems running GNU Inetutils telnetd with particular attention to OT/ICS segments, and begin migration to SSH where feasible.