Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0659

NIXPKGS-2026-0659

GitHub issue published on 16 Mar 2026

Permalink CVE-2026-32772

updated 5 days, 12 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 week ago
@LeSuisse accepted 5 days, 12 hours ago
@LeSuisse published on GitHub 5 days, 12 hours ago

telnet in GNU inetutils through 2.7 allows servers to read …

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

References

https://www.openwall.com/lists/oss-security/2026/03/13/1

Affected products

inetutils

=<2.7

Matching in nixpkgs

pkgs.inetutils

Collection of common network programs

nixos-unstable 2.7
- nixpkgs-unstable 2.7
- nixos-unstable-small 2.7
nixos-25.11 2.7
- nixos-25.11-small 2.7
- nixpkgs-25.11-darwin 2.7

Package maintainers

@matthewbauer Matthew Bauer <mjbauer95@gmail.com>

Upstream discussion: https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00038.html
OSS Sec thread: https://www.openwall.com/lists/oss-security/2026/03/13/1