Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachable through the * operator when both operands are objects.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.9%
CVSS Severity
CVSS v3 Score 6.2
Products affected by CVE-2026-43896
  • Jqlang » Jq » Version: 1.0
    cpe:2.3:a:jqlang:jq:1.0
  • Jqlang » Jq » Version: 1.1
    cpe:2.3:a:jqlang:jq:1.1
  • Jqlang » Jq » Version: 1.2
    cpe:2.3:a:jqlang:jq:1.2
  • Jqlang » Jq » Version: 1.3
    cpe:2.3:a:jqlang:jq:1.3
  • Jqlang » Jq » Version: 1.4
    cpe:2.3:a:jqlang:jq:1.4
  • Jqlang » Jq » Version: 1.5
    cpe:2.3:a:jqlang:jq:1.5
  • Jqlang » Jq » Version: 1.6
    cpe:2.3:a:jqlang:jq:1.6
  • Jqlang » Jq » Version: 1.7
    cpe:2.3:a:jqlang:jq:1.7
  • Jqlang » Jq » Version: 1.7-37-g88f01a7
    cpe:2.3:a:jqlang:jq:1.7-37-g88f01a7
  • Jqlang » Jq » Version: 1.7.1
    cpe:2.3:a:jqlang:jq:1.7.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved