Skip to main content

jq (Alpine Linux) EUVDEUVD-2026-39499

| CVE-2026-54679 MEDIUM
Integer Overflow or Wraparound (CWE-190)
N/A vendor:alpine
6.9
CVSS 4.0 · Vendor: vendor:alpine
Share

Severity by source

Vendor (vendor:alpine) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (vendor:alpine) · only source for this CVE.

CVSS VectorVendor: vendor:alpine

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jun 25, 2026 - 19:17 EUVD
CVSS changed
Jun 25, 2026 - 18:22 NVD
6.9 (MEDIUM)
Analysis Generated
Jun 22, 2026 - 17:01 vuln.today

DescriptionCVE.org

Alpine Linux: jq fixed in 1.8.2-r0

AnalysisAI

jq, the command-line JSON processor, was patched in Alpine Linux with package version 1.8.2-r0. The specific vulnerability details - including the nature of the flaw, affected upstream jq versions, and precise impact - are not disclosed in the available intelligence. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Unknown prerequisite
Exploit
Trigger uncharacterized jq defect
Impact
Unknown impact

Vulnerability AssessmentAI

Exploitation Exploitation conditions cannot be determined - no vulnerability description, CVSS vector, or advisory detail was provided. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Risk cannot be meaningfully assessed from the available data. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario No exploit scenario can be constructed. The vulnerability description contains only a package fix version and no information about attack prerequisites, exploitation method, or impact. …
Remediation The vendor-released fix for Alpine Linux users is to upgrade the jq package to version 1.8.2-r0 or later using 'apk upgrade jq'. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Jq

View all
CVE-2024-53427 HIGH POC
8.1 Feb 26

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which ha

CVE-2015-8863 CRITICAL
9.8 May 06

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (cras

CVE-2025-48060 HIGH POC
7.7 May 21

jq is a command-line JSON processor. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no auth

CVE-2016-4074 HIGH POC
7.5 May 06

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and applicat

CVE-2023-49355 HIGH POC
7.5 Dec 11

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" inpu

CVE-2023-50268 MEDIUM POC
5.5 Dec 13

jq is a command-line JSON processor. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Publ

CVE-2023-50246 MEDIUM POC
5.5 Dec 13

jq is a command-line JSON processor. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Publ

CVE-2026-32316 HIGH
8.2 Apr 13

Heap buffer overflow in jq command-line JSON processor (all versions through 1.8.1) allows remote unauthenticated attack

CVE-2026-49839 HIGH
7.1

Out-of-bounds write in the jq command-line JSON processor (CWE-787) lets a crafted JSON input corrupt memory when parsed

CVE-2026-39979 MEDIUM
6.9 Apr 13

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() AP

CVE-2026-47770 MEDIUM
6.8

jq on Alpine Linux was patched in package version 1.8.2-r0, addressing an unspecified vulnerability. The nature of the f

CVE-2026-43894 MEDIUM
6.2 May 11

Buffer overflow in jq 1.8.1 and earlier allows local attackers to cause denial of service by providing a crafted JSON nu

Share

EUVD-2026-39499 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy