CVE-2026-32772
published 2026-03-16
medium 4.7 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | inetutils | < inetutils 2:2.4-2+deb12u3 (bookworm) | inetutils 2:2.4-2+deb12u3 (bookworm) |
| gnu | inetutils | <= 2.7 | — |
| gnu | inetutils | >= 0 < 2:2.4-2+deb12u3 | 2:2.4-2+deb12u3 |
| gnu | inetutils | >= 0 < 2:2.6-3+deb13u3 | 2:2.6-3+deb13u3 |
| gnu | inetutils | >= 0 < 2:2.7-5 | 2:2.7-5 |
CVSS provenance
nvd v3.1 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
osv 3.4 LOW