PT-2026-60885 · Jline · Jline

CVE-2026-56741

·

Published

2026-07-17

·

Updated

2026-07-18

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions JLine versions prior to 3.30.14 JLine versions prior to 4.0.16 JLine versions prior to 4.2.1
Description The JLine3 Telnet server remote-telnet module fails to apply an upper bound to terminal dimensions received via the Telnet NAWS option. The handleNAWS() function in TelIO.java reads client-supplied width and height as 16-bit unsigned integers and passes these values to setTerminalGeometry(). An unauthenticated remote attacker can repeatedly alternate these values, such as 65535x65535, to trigger continuous expensive rendering work, leading to CPU exhaustion and a denial of service.
Recommendations Update to version 3.30.14 or later. Update to version 4.0.16 or later. Update to version 4.2.1 or later.

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56741

Affected Products

Jline