{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-32772", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-03-13T21:01:17.399Z", "datePublished": "2026-03-13T21:01:17.782Z", "dateUpdated": "2026-03-16T17:02:16.817Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "inetutils", "vendor": "GNU", "versions": [{"lessThanOrEqual": "2.7", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Spheres", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-13T21:10:46.673Z"}, "references": [{"url": "https://www.openwall.com/lists/oss-security/2026/03/13/1"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"references": [{"url": "https://www.openwall.com/lists/oss-security/2026/03/13/1", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T17:02:13.267475Z", "id": "CVE-2026-32772", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T17:02:16.817Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32772", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T17:02:13.267475Z"}}}], "references": [{"url": "https://www.openwall.com/lists/oss-security/2026/03/13/1", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T17:02:09.333Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.4, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "GNU", "product": "inetutils", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.7"}], "defaultStatus": "unknown"}], "references": [{"url": "https://www.openwall.com/lists/oss-security/2026/03/13/1"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Spheres"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-13T21:10:46.673Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32772", "state": "PUBLISHED", "dateUpdated": "2026-03-16T17:02:16.817Z", "dateReserved": "2026-03-13T21:01:17.399Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-13T21:01:17.782Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:*", "matchCriteriaId": "6381CFAE-9A10-40ED-BC93-1DB55CB44327", "versionEndIncluding": "2.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR."}, {"lang": "es", "value": "telnet en GNU inetutils a trav\u00e9s de 2.7 permite a los servidores leer variables de entorno arbitrarias de los clientes a trav\u00e9s de NEW_ENVIRON SEND USERVAR."}], "id": "CVE-2026-32772", "lastModified": "2026-05-05T17:55:23.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-16T14:19:44.023", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2026/03/13/1"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2026/03/13/1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-669"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.7]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "inetutils", "source": "cna", "vendor": "GNU"}, "product": "inetutils", "vendor": "gnu"}], "analysis": {"en": {"generated_at": "2026-03-19T15:40:56.770472+00:00", "value": {"mitigation_remediation": ["Upgrade GNU\u00a0Inetutils to a version newer than 2.7 where the telnet server no longer processes NEW_ENVIRON SEND USERVAR from clients.", "Verify that the updated version has the improved environment handling as described in the vendor's release notes.", "If upgrading is not immediately possible, restrict telnet traffic to trusted hosts using firewall rules or disable the telnet service altogether.", "Monitor network traffic for telnet sessions that include NEW_ENVIRON commands as a potential indicator of exploitation attempts."], "summary": {"action": "Assess Impact", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Affected products are the telnet service in GNU\u00a0Inetutils versions up to and including 2.7. The problem exists in all builds that implement the standard telnet protocol without guarding against the NEW_ENVIRON request. No specific vendor release notes are provided, but the advisory warns that any version of inetutils\u00a02.7 or earlier is vulnerable.", "description_and_impact": "The vulnerability originates from the telnet server component of GNU\u00a0Inetutils. It permits a client to send the NEW_ENVIRON and SEND USERVAR commands such that the server will read and expose arbitrary environment variables contained in the client\u2019s environment. This behaviour results in the disclosure of sensitive information that may be available only to the client process. The weakness is a classic information\u2011exposure through an interface issue, mapped to CWE\u2011669.", "risk_and_exploitability": "This issue carries a CVSS\u00a0v3.1 base score of 3.4, indicating low overall severity. The EPSS score is reported to be below 1\u202f%, and the vulnerability is not listed in the CISA KEV catalog, suggesting a low probability of widespread exploitation. An attacker would need to establish a telnet session to a vulnerable server and send the NEW_ENVIRON command with crafted environment data. The exploit does not require elevated privileges on the server side and may be performed by a remote client connecting to the telnet port."}}}}, "created": "2026-03-16T09:22:54.580788+00:00", "title": "Information Disclosure via NEW_ENVIRON in GNU Inetutils Telnet", "updated": "2026-03-23T13:39:30.073598+00:00", "vendors": ["gnu", "gnu$PRODUCT$inetutils"]}