CVE-2026-32772Incorrect Resource Transfer Between Spheres in Inetutils

CWE-669Incorrect Resource Transfer Between Spheres6 documents6 sources
Severity
3.4LOWNVD
EPSS
0.0%
top 90.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Inetutils
Timeline
PublishedMar 16

Description

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

Debiangnu/inetutils< 2:2.4-2+deb12u3+2
CVEListV5gnu/inetutils2.7

🔴Vulnerability Details

3
GHSA
GHSA-5p6r-4c7p-96fh: telnet in GNU inetutils through 22026-03-16
OSV
CVE-2026-32772: telnet in GNU inetutils through 22026-03-16
CVEList
CVE-2026-32772: telnet in GNU inetutils through 22026-03-13

📋Vendor Advisories

1
Debian
CVE-2026-32772: inetutils - telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-32772 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-32772 — GNU Inetutils vulnerability | cvebase