Sign in Get started

← All advisories

Low severity3.4NVD Advisory· Published Mar 16, 2026· Updated May 5, 2026

CVE-2026-32772

CVE-2026-32772

Description

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

Affected products

2

GNU/Inetutils2 versions
cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:*range: <=2.7
- (no CPE)range: 0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

www.openwall.com/lists/oss-security/2026/03/13/1nvdExploitMailing ListThird Party Advisory

News mentions

1

23rd March – Threat Intelligence Report
Check Point Research · Mar 23, 2026