Description
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.
Published: 2026-03-13
Score: 3.4 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Assess Impact
AI Analysis

Impact

The flaw is in the telnet client of GNU Inetutils, not in telnetd. The telnet environment option NEW-ENVIRON (RFC 1572) lets a server ask the client for environment variables with a SEND subnegotiation: a USERVAR item with a name requests that one user variable, and a bare USERVAR with no name requests every user variable. The advisory states that a vulnerable client answers a server's NEW_ENVIRON SEND USERVAR with arbitrary variables from its own process environment, so anything present in the environment of the shell from which telnet was started (credentials held in variables, tokens, internal host names) is handed to whatever server the user connected to. The weakness is tracked as CWE-669, Incorrect Resource Transfer Between Spheres: data from the client's trust boundary is copied across to the server's.

Affected Systems

Affected is the telnet client in GNU Inetutils versions up to and including 2.7; a client running any of these versions discloses its environment to a server that sends the request. The advisory names no upstream release notes; the Debian advisories listed under Advisories below (DLA-4527-1 and DSA-6193-1) are the distribution-level security updates for this issue.

Risk and Exploitability

The CVSS v3.1 base score is 3.4 (Low), vector AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N: the attacker is a network peer (AV:N) who needs no privileges on the victim host (PR:N), but the victim must first connect to a server the attacker controls or has compromised (UI:R, AC:H), and only confidentiality is affected (C:L). Scope is Changed because the data leaves the client's security authority for the server's. EPSS is below 1 % and the issue is not in the CISA KEV catalog; the SSVC assessment recorded in the history below marks Exploitation as "poc" and Automatable as "no", so a proof of concept exists but mass exploitation is not expected. Once a victim connects, exploitation is simple: during option negotiation the malicious server sends IAC SB NEW-ENVIRON SEND USERVAR IAC SE and reads the client's IS reply.

Generated by OpenCVE AI on March 19, 2026 at 15:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade GNU Inetutils to a release newer than 2.7, or to a distribution package that carries the fix (Debian has issued DLA-4527-1 and DSA-6193-1), so that the telnet client no longer answers a server's NEW_ENVIRON SEND USERVAR with arbitrary environment variables.
  • Verify after upgrading that the telnet client restricts what it exports over NEW-ENVIRON, as described in the vendor's release notes.
  • If upgrading is not immediately possible, do not use the inetutils telnet client against untrusted servers (restrict outbound telnet to known hosts with firewall rules), and avoid running it from shells whose environment holds credentials or tokens.
  • Monitor server-to-client telnet traffic for NEW-ENVIRON SEND subnegotiations (IAC SB 39 1 ... IAC SE) that request USERVAR, especially a bare USERVAR with no name, as a potential indicator of exploitation attempts.

Generated by OpenCVE AI on March 19, 2026 at 15:40 UTC.
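The exchange described in the analysis above and the monitoring suggested in the last recommended action, as an added example written for this page rather than code from GNU inetutils: a Python model of the RFC 1572 NEW-ENVIRON subnegotiation. The byte values (IAC 255, SB 250, SE 240, option 39, SEND/IS, VAR/VALUE/ESC/USERVAR) are those of the RFC; the function names, the sample environment and the export allowlist used by the hardened variant are assumptions made for illustration. client_reply with no allowlist models the reported behaviour (any requested variable, or all of them for a bare USERVAR, is answered from the whole process environment); wildcard_requests is a detector that flags the bare-USERVAR request in a server-to-client byte stream.

```python
"""RFC 1572 NEW-ENVIRON exchange: server SEND, client IS, and a detector.
Added, simplified model for this advisory; not code from GNU inetutils.
A VAR or USERVAR with no name in a SEND is a wildcard ("send me all of them")."""

IAC, SB, SE = 255, 250, 240              # telnet command bytes
NEW_ENVIRON = 39                         # option code
IS, SEND = 0, 1                          # subnegotiation commands
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3    # body codes


def _escape(data: bytes) -> bytes:
    """Escape body codes 0-3 with ESC and double IAC, as RFC 1572 requires."""
    out = bytearray()
    for c in data:
        out += bytes([ESC, c]) if c < 4 else bytes([IAC, IAC]) if c == IAC else bytes([c])
    return bytes(out)


def build_send(requests) -> bytes:
    """Server -> client. requests: list of (VAR|USERVAR, name or None for the wildcard)."""
    body = bytearray([NEW_ENVIRON, SEND])
    for kind, name in requests:
        body.append(kind)
        if name is not None:
            body += _escape(name.encode("latin-1"))
    return bytes([IAC, SB]) + bytes(body) + bytes([IAC, SE])


def build_is(triples) -> bytes:
    """Client -> server. triples: list of (VAR|USERVAR, name, value)."""
    body = bytearray([NEW_ENVIRON, IS])
    for kind, name, value in triples:
        body += bytes([kind]) + _escape(name.encode("latin-1"))
        body += bytes([VALUE]) + _escape(value.encode("latin-1"))
    return bytes([IAC, SB]) + bytes(body) + bytes([IAC, SE])


def subnegotiations(stream: bytes):
    """Yield the payload of each complete IAC SB ... IAC SE block, IAC IAC collapsed;
    a truncated block is not yielded (a real client would wait for more data)."""
    i = 0
    while (start := stream.find(bytes([IAC, SB]), i)) >= 0:
        payload, j = bytearray(), start + 2
        while j + 1 < len(stream) and stream[j:j + 2] != bytes([IAC, SE]):
            if stream[j:j + 2] == bytes([IAC, IAC]):
                j += 1                       # escaped IAC: keep one copy
            payload.append(stream[j])
            j += 1
        if j + 1 >= len(stream):
            return
        yield bytes(payload)
        i = j + 2


def _tokens(body: bytes):
    """Split a NEW-ENVIRON body into (code, text) pairs, undoing ESC escapes."""
    toks, i = [], 0
    while i < len(body):
        c = body[i]
        if c in (VAR, VALUE, USERVAR):
            toks.append((c, bytearray()))
        else:
            if c == ESC and i + 1 < len(body):
                i, c = i + 1, body[i + 1]
            if toks:
                toks[-1][1].append(c)
        i += 1
    return [(code, bytes(data).decode("latin-1")) for code, data in toks]


def parse_send(payload: bytes):
    """Decode a SEND payload into [(kind, name or None)]; None if it is not a SEND."""
    if payload[:2] != bytes([NEW_ENVIRON, SEND]):
        return None
    return [(code, text or None) for code, text in _tokens(payload[2:]) if code != VALUE]


def parse_is(payload: bytes):
    """Decode an IS payload into {name: value}; None if it is not an IS."""
    if payload[:2] != bytes([NEW_ENVIRON, IS]):
        return None
    env, name = {}, None
    for code, text in _tokens(payload[2:]):
        if code == VALUE and name is not None:
            env[name] = text
        elif code != VALUE:
            name = text
    return env


def client_reply(server_bytes: bytes, environ: dict, exported=None) -> bytes:
    """Client side. exported=None models the reported behaviour: any name is answered
    from the whole process environment and a wildcard dumps all of it. A hardened
    client passes an explicit export allowlist (an assumption of this model)."""
    allowed = set(environ) if exported is None else set(exported) & set(environ)
    req = next((r for r in map(parse_send, subnegotiations(server_bytes)) if r is not None), [])
    triples = [(kind, k, environ[k]) for kind, name in req
               for k in (sorted(allowed) if name is None else [name]) if k in allowed]
    return build_is(triples)


def wildcard_requests(server_stream: bytes):
    """Detection: every SEND in a server->client stream asking for all VARs or USERVARs."""
    return [req for req in map(parse_send, subnegotiations(server_stream))
            if req and any(name is None for _, name in req)]


# Constructed sample: environment of the shell that launched the telnet client.
SAMPLE_ENV = {"USER": "alice", "DISPLAY": ":0", "DB_PASSWORD": "constructed-secret"}
SAMPLE_EXPORTED = frozenset({"USER", "DISPLAY"})
```

Feed wildcard_requests captured server output (a TCP stream reassembled from the server side); a non-empty result means the server asked for every variable of a kind. Note that even the hardened model discloses every allowlisted name, so the allowlist must never contain secrets, and the vulnerable model also answers a request naming a specific variable, which is the quieter form of the same attack.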

Advisories
Source       ID           Title
Debian DLA   DLA-4527-1   inetutils security update
Debian DSA   DSA-6193-1   inetutils security update
History

Mon, 23 Mar 2026 13:45:00 +0000

Type    Values Removed    Values Added
Title                     Information Disclosure via NEW_ENVIRON in GNU Inetutils Telnet

Mon, 16 Mar 2026 17:15:00 +0000

Type      Values Removed    Values Added
Metrics                     ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 10:15:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Gnu, Gnu inetutils
Vendors & Products                      Gnu, Gnu inetutils

Fri, 13 Mar 2026 21:15:00 +0000

Type          Values Removed    Values Added
Description                     telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.
Weaknesses                      CWE-669
References
Metrics                         cvssV3_1: {'score': 3.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-16T17:02:16.817Z

Reserved: 2026-03-13T21:01:17.399Z

Link: CVE-2026-32772

Vulnrichment

Updated: 2026-03-16T17:02:09.333Z

NVD

Status : Awaiting Analysis

Published: 2026-03-16T14:19:44.023

Modified: 2026-03-16T18:16:09.570

Link: CVE-2026-32772

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:39:30Z

Weaknesses