Denial of Service Vulnerability in JLine Telnet Server - JLine Vendor
CVE-2026-56741
7.5HIGH
What is CVE-2026-56741?
The JLine Telnet server prior to specific versions is vulnerable to a denial of service due to improper handling of terminal dimensions received from clients. This flaw allows unauthenticated attackers to exploit the Telnet NAWS option, enabling them to send arbitrary large values for width and height parameters. When processed, these excessive values may lead to continuous resource consumption on the server, resulting in CPU exhaustion and potential service outages. JLine has addressed this issue in releases 3.30.14, 4.0.16, and 4.2.1, imposing strict limits on terminal size to mitigate the risk.
Affected Version(s)
jline3 < 3.30.14 < 3.30.14
jline3 >= 4.0.0, < 4.0.16 < 4.0.0, 4.0.16
jline3 >= 4.1.0, < 4.2.1 < 4.1.0, 4.2.1
