PT-2026-38241 · Jq · Jq
Nullbyte0X · Published 2026-05-06 · Updated 2026-06-03
CVE-2026-43896
CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
jq versions prior to 1.8.2
Description
Unbounded recursion in the jv_object_merge_recursive() function allows a specially crafted program to crash the process with a segmentation fault (segfault), which is an error occurring when a program attempts to access a memory location that it is not allowed to access. This issue is reachable through the '*' operator when both operands are objects.
Recommendations
Update to version 1.8.2 or later.
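
A quick way to check hosts against the recommendation above, as an added example that is not part of the advisory or the jq project: it classifies a `jq --version` string relative to 1.8.2. The function names and the sample strings are constructed for illustration; the only assumption about jq is that `jq --version` prints a string of the form `jq-X.Y.Z`.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a `jq --version` string
# against the fixed release named in the recommendation.
FIXED="1.8.2"

# version_lt A B: succeed when dotted version A is numerically lower than B.
# Components are compared as integers, so 1.10.0 is not lower than 1.8.2.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# jq_status STRING: print "vulnerable", "fixed" or "unknown".
jq_status() {
    s=${1#jq-}
    case $s in
        [0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    num=${s%%[!0-9.]*}      # leading digits-and-dots part
    suffix=${s#"$num"}      # anything after it (e.g. a development-build tag)
    num=${num%.}
    # A suffixed build cannot be placed relative to the release by number alone.
    if [ -n "$suffix" ]; then echo unknown; return 0; fi
    if version_lt "$num" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# Constructed sample strings, followed by the locally installed binary if any.
for v in jq-1.6 jq-1.8.1 jq-1.8.2 jq-1.10.0 jq-1.7.1-dirty; do
    printf '%-16s %s\n' "$v" "$(jq_status "$v")"
done
if command -v jq >/dev/null 2>&1; then
    printf 'installed: %s\n' "$(jq_status "$(jq --version)")"
fi
```

A "vulnerable" result is a prompt to check the package changelog as well, since a distribution may backport a fix without changing the upstream version string.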
Exploit
Fix
DoS
Uncontrolled Recursion
Affected Products
Jq