CVE-2026-32772 PUBLISHED

Assigner: mitre
Reserved: 13.03.2026 Published: 13.03.2026 Updated: 13.03.2026

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
CVSS Score: 3.4

Product Status

Vendor GNU
Product inetutils
Versions Default: unknown
  • affected from 0 to 2.7 (incl.)

References

Problem Types

  • CWE-669 Incorrect Resource Transfer Between Spheres CWE