CVE-2026-56741

jline · jline3

JLine3 is affected by an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service.

Executive summary

A high severity denial of service vulnerability exists in the JLine3 library that may allow remote, unauthenticated attackers to exhaust system resources.

Vulnerability

This vulnerability is classified as CWE-400 (Uncontrolled Resource Consumption). It allows an unauthenticated remote attacker to cause excessive resource usage, leading to a denial of service condition.

Business impact

With a CVSS score of 7.5, this vulnerability represents a significant threat to service availability. Organizations relying on JLine3 for console input processing may face service outages if an attacker successfully triggers the resource consumption flaw. The lack of required authentication makes this an attractive target for automated denial of service attacks.

Remediation

Immediate Action: Update jline3 to version 3.30.14, 4.0.16, or 4.2.1 depending on your current deployment branch.

Proactive Monitoring: Review application logs for unexpected input patterns or frequent error messages related to resource exhaustion.

Compensating Controls: Deploy Web Application Firewalls or ingress filters to block or limit traffic patterns that exhibit characteristics of resource-heavy requests.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Security teams must treat this denial of service vulnerability with high urgency. Patching the library to the versions listed above is required to prevent potential operational disruption.