CVE-2026-56740
JLine3 Telnet server remote-telnet module in JLine prior to versions 3.30.14, 4.0.16, and 4.2.1 does not limit the number of environment variables injected via Telnet NEW-ENVIRON. TelnetIO.readNEVariables() stores each variable pair in a HashMap within ConnectionData (lines 1127-1180), allowing a...