—

CVE-2026-44777

jqlang · jq

jq: stack overflow in module loading on mutual `include`

Description

A vulnerability, which was classified as problematic, has been found in jqlang jq up to 1.8.2rc1. This affects an unknown part of the component Ordinary Module Loader. Performing a manipulation results in uncontrolled recursion.

Affected Products

Vendor	Product	Versions
jqlang	jq	<= 1.8.2rc1

References

https://github.com/jqlang/jq/security/advisories/GHSA-rmpv-jgvr-wpr9(x_refsource_CONFIRM)

Related News (2 articles)

Tier A

Microsoft MSRC24d ago

CVE-2026-44777 jq: stack overflow in module loading on mutual `include`

→ No new info (linked only)

Tier C

VulDB47d ago

CVE-2026-44777 | jqlang jq up to 1.8.2rc1 Ordinary Module Loader recursion (GHSA-rmpv-jgvr-wpr9)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-674

PublishedMay 11, 2026

Last enriched47d agov2

Trending Score3

Source articles2

Independent2

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-39979EXP

jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers

Trending: 61

HIGHCVE-2026-49839EXP

jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow

Trending: 57

NONECVE-2026-47770

jq: stack overflow in deep structural equality

Trending: 13

NONECVE-2026-54679

jq: potential integer overflow in jvp_string_append

Trending: 13

MEDIUMCVE-2026-43894

jq: Wild stack write via signed-integer overflow in decNumber D2U() macro

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 11, 2026

Discovered by ZDM

May 11, 2026

Updated: description, severity

May 11, 2026

Version History

Last enriched 47d ago

v2Tier C47d ago

Updated description with more technical detail and changed severity to HIGH.

descriptionseverity

via VulDB

v147d ago

Initial creation