CVE Catalog

CVE-2026-54679

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

In jq prior to version 1.8.2, on 32-bit systems, the jvp_string_append function may experience integer overflow, leading to a massive buffer overrun.

Risk Assessment

An attacker could exploit this vulnerability to execute arbitrary code or cause application crashes, threatening system confidentiality and availability.

Recommendation

Immediately update jq to version 1.8.2 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS