NAS Under Siege: Critical 9.8 CVSS Bug in Synology Telnet Opens the Door to Total Hijack

Synology issued an urgent security advisory for CVE-2026-32746: a critical (CVSS 9.8) buffer-overflow vulnerability in GNU inetutils' telnetd that enables unauthenticated remote code execution on affected DiskStation Manager (DSM) versions. Synology provides fixed DSM release versions and recommends immediate upgrades or disabling the Telnet service as a mitigation.