Zero Day Monitor (ZDM)
6.2
CVE-2026-43894
jqlang · jq

jq: Wild stack write via signed-integer overflow in decNumber D2U() macro

Description

A vulnerability has been found in jqlang jq up to 1.8.1 and classified as problematic. It affects the function D2U, where manipulation results in an integer overflow. The vulnerability is tracked as CVE-2026-43894. An attack requires local access.

Affected Products

Vendor | Product | Versions
jqlang | jq | <= 1.8.1

References

  • https://github.com/jqlang/jq/security/advisories/GHSA-5v7p-2r57-2g4g (x_refsource_CONFIRM)

Related News (3 articles)

Tier A
Microsoft MSRC · 45d ago
CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro
→ No new info (linked only)
Tier C
VulDB · 47d ago
CVE-2026-43894 | jqlang jq up to 1.8.1 D2U integer overflow (GHSA-5v7p-2r57-2g4g)
→ No new info (linked only)
Tier B
BSI Advisories · 52d ago
[NEW] [medium] jq: Vulnerability allows denial of service
→ No new info (linked only)
CVSS 3.1: 6.2 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA KEV: ❌ No
Actively exploited: ❌ No
CWE: CWE-190
Published: May 11, 2026
Last enriched: 47d ago (v2)
Trending Score: 0
Source articles: 3
Independent: 3
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-39979 · EXP
jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers
Trending: 60
HIGH · CVE-2026-49839 · EXP
jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow
Trending: 56
NONE · CVE-2026-47770
jq: stack overflow in deep structural equality
Trending: 13
NONE · CVE-2026-54679
jq: potential integer overflow in jvp_string_append
Trending: 13
HIGH · CVE-2026-44777
jq: stack overflow in module loading on mutual `include`
Trending: 3

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
May 11, 2026
Discovered by ZDM
May 11, 2026
Updated: description
May 11, 2026

Version History

v2
Last enriched 47d ago
v2 · Tier C · 47d ago

Updated description with new details and confirmed no exploit is available.

description
via VulDB
v1 · 47d ago

Initial creation