๐Ÿ” CVE Alert

CVE-2026-44777

UNKNOWN 0.0

jq: stack overflow in module loading on mutual `include`

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other.

CWE CWE-674
Vendor jqlang
Product jq
Published May 11, 2026
Last Updated May 11, 2026
Stay Ahead of the Next One

Get instant alerts for jqlang jq

Be the first to know when new unknown vulnerabilities affecting jqlang jq are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

jqlang / jq
<= 1.8.2rc1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/jqlang/jq/security/advisories/GHSA-rmpv-jgvr-wpr9