Disclosed on July 17, 2026 (updated July 18, 2026)
PGV-2652469 is a category 2 vulnerabilty that affects the following packages:
The risk assessment shows that this vulnerability is exlpoited by a external attacker. An unauthorized external actor who attempts to exploit this vulnerability without legitimate access.
The impact is contained to the application. Exploitation remains confined to the application and cannot affect the host environment or external systems.
The threat damage is caused by a denial of service. Exploitation can completely deny access to the application, resulting in a full outage.
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAWS() in TelnetIO.java:856-879 reads client-supplied width and height as 16-bit unsigned integers and passes values such as 65535x65535 to setTerminalGeometry(), allowing an unauthenticated remote attacker to repeatedly alternate values and trigger continuous expensive rendering work that causes CPU exhaustion and denial of service. This issue is fixed in versions 3.30.14, 4.0.16, and 4.2.1.
| Network Exposure | External Accessable from the public internet |
| Access Interface | WebBrowser Primarily web-based applications |
| Service Outage | Disruptive Operations would be impacted |
| Data Breach | Disruptive Operations would be impacted |
| Data Tampering | Disruptive Operations would be impacted |
| Customize | |