๐Ÿ” CVE Alert

CVE-2026-54679

UNKNOWN 0.0

jq: potential integer overflow in jvp_string_append

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2.

CWE CWE-190
Vendor jqlang
Product jq
Published Jun 25, 2026
Last Updated Jun 25, 2026
Stay Ahead of the Next One

Get instant alerts for jqlang jq

Be the first to know when new unknown vulnerabilities affecting jqlang jq are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

jqlang / jq
< 1.8.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/jqlang/jq/security/advisories/GHSA-29gj-222p-j7vx