Greetings, It appears the inetutils telnet client will unconditionally leak requested environment variables to a server via the NEW-ENVIRON option and the SEND ENV_USERVAR command. No explicit export is required by the user.
I sent a message [1] to the oss-security list today that contains my findings regarding the inetutils telnet client, and a few other leaky telnet client implementations. Regards, Justin --- [1] https://www.openwall.com/lists/oss-security/2026/03/13/1
