PT-2026-39721 · Jq · Jq

Fuyu0425

·

Published

2026-05-11

·

Updated

2026-05-29

·

CVE-2026-44777

CVSS v4.0

6.8

Medium

VectorAV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2rc2
Description The ordinary module loader in this command-line JSON processor recurses without cycle detection when two valid modules include each other.
Recommendations Update to a version later than 1.8.2rc1.

Exploit

Fix

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44777
ECHO-E27D-8BAB-6648
GHSA-RMPV-JGVR-WPR9
OESA-2026-2424
OESA-2026-2425
OESA-2026-2426
OESA-2026-2427
OESA-2026-2487
OPENSUSE-SU-2026:10850-1

Affected Products

Jq