Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before the NUL. This leaves jq with a post-CVE-2026-33948 prefix/full-buffer mismatch on the compilation path even though the JSON parser path has already been fixed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.1%
CVSS Severity
CVSS v3 Score 5.5
Products affected by CVE-2026-41256
  • Jqlang » Jq » Version: 1.0
    cpe:2.3:a:jqlang:jq:1.0
  • Jqlang » Jq » Version: 1.1
    cpe:2.3:a:jqlang:jq:1.1
  • Jqlang » Jq » Version: 1.2
    cpe:2.3:a:jqlang:jq:1.2
  • Jqlang » Jq » Version: 1.3
    cpe:2.3:a:jqlang:jq:1.3
  • Jqlang » Jq » Version: 1.4
    cpe:2.3:a:jqlang:jq:1.4
  • Jqlang » Jq » Version: 1.5
    cpe:2.3:a:jqlang:jq:1.5
  • Jqlang » Jq » Version: 1.6
    cpe:2.3:a:jqlang:jq:1.6
  • Jqlang » Jq » Version: 1.7
    cpe:2.3:a:jqlang:jq:1.7
  • Jqlang » Jq » Version: 1.7-37-g88f01a7
    cpe:2.3:a:jqlang:jq:1.7-37-g88f01a7
  • Jqlang » Jq » Version: 1.7.1
    cpe:2.3:a:jqlang:jq:1.7.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved