CVE-2026-56741 is a high-severity denial of service vulnerability in the JLine Telnet server. The vulnerability exists in the JLine3 Telnet server remote-telnet module, where an unauthenticated remote attacker can trigger continuous expensive rendering work, causing CPU exhaustion and denial of service. This is achieved by sending crafted terminal dimensions via the Telnet NAWS option. The vulnerability i [truncated]
CVE-2026-56740 is a high-severity vulnerability in the JLine library, specifically in the JLine3 Telnet server remote-telnet module. The vulnerability allows an unauthenticated attacker to flood unique variable pairs via the Telnet NEW-ENVIRON option, leading to an OutOfMemoryError and potential JVM heap exhaustion. This issue is fixed in versions 3.30.14, 4.0.16, and 4.2.1.