CVE-2026-49839 | jqlang jq up to 1.8.1 jv_string_append_buf out-of-bounds write

June 25, 2026 Yanac

A vulnerability identified as critical has been detected in jqlang jq up to 1.8.1. Affected is the function jv_string_append_buf. Performing a manipulation results in out-of-bounds write.

This vulnerability is reported as CVE-2026-49839. The attack requires a local approach. No exploit exists.

You should upgrade the affected component.VulDB Recent EntriesRead More