GNU Inetutils <=2.7 Telnet Read Env via NEW_ENVIRON SEND USERVAR
CVE-2026-32772 Published on March 13, 2026
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.
Vulnerability Analysis
CVE-2026-32772 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2026-32772. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Incorrect Resource Transfer Between Spheres
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
Products Associated with CVE-2026-32772
Want to know whenever a new CVE is published for GNU Inetutils? stack.watch will email you.
Affected Versions
GNU inetutils:- Before and including 2.7 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.