CVE-2026-56741
jline · jline3
JLine3 is affected by an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service.
Executive summary
A high severity denial of service vulnerability exists in the JLine3 library that may allow remote, unauthenticated attackers to exhaust system resources.
Vulnerability
This vulnerability is classified as CWE-400 (Uncontrolled Resource Consumption). It allows an unauthenticated remote attacker to cause excessive resource usage, leading to a denial of service condition.
Business impact
With a CVSS score of 7.5, this vulnerability represents a significant threat to service availability. Organizations relying on JLine3 for console input processing may face service outages if an attacker successfully triggers the resource consumption flaw. The lack of required authentication makes this an attractive target for automated denial of service attacks.
Remediation
Immediate Action: Update jline3 to version 3.30.14, 4.0.16, or 4.2.1 depending on your current deployment branch.
Proactive Monitoring: Review application logs for unexpected input patterns or frequent error messages related to resource exhaustion.
Compensating Controls: Deploy Web Application Firewalls or ingress filters to block or limit traffic patterns that exhibit characteristics of resource-heavy requests.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
Security teams must treat this denial of service vulnerability with high urgency. Patching the library to the versions listed above is required to prevent potential operational disruption.