Denial of Service Vulnerability in JLine Telnet Server - JLine Vendor
CVE-2026-56741

7.5HIGH

Key Information:

Vendor

Jline

Status
Vendor
CVE Published:
17 July 2026

What is CVE-2026-56741?

The JLine Telnet server prior to specific versions is vulnerable to a denial of service due to improper handling of terminal dimensions received from clients. This flaw allows unauthenticated attackers to exploit the Telnet NAWS option, enabling them to send arbitrary large values for width and height parameters. When processed, these excessive values may lead to continuous resource consumption on the server, resulting in CPU exhaustion and potential service outages. JLine has addressed this issue in releases 3.30.14, 4.0.16, and 4.2.1, imposing strict limits on terminal size to mitigate the risk.

Affected Version(s)

jline3 < 3.30.14 < 3.30.14

jline3 >= 4.0.0, < 4.0.16 < 4.0.0, 4.0.16

jline3 >= 4.1.0, < 4.2.1 < 4.1.0, 4.2.1

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.