CVE Catalog
CVE-2026-54679
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk0.10%
1th percentile — higher than 1% of all known CVEs
Summary
In jq prior to version 1.8.2, on 32-bit systems, the jvp_string_append function may experience integer overflow, leading to a massive buffer overrun.
Risk Assessment
An attacker could exploit this vulnerability to execute arbitrary code or cause application crashes, threatening system confidentiality and availability.
Recommendation
Immediately update jq to version 1.8.2 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2.

