CVE-2026-43895— jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
Possible ATT&CK Techniques 1AI
T1564.004 · NTFS File AttributesGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-43895
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
Source: NVD (National Vulnerability Database)
Vulnerability Description
jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy or audit code may validate and the on-disk path that jq actually opens.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
jq 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
jq是jqlang开源的一个轻量级且灵活的命令行 JSON 处理器。 jq 1.8.1及之前版本存在输入验证错误漏洞,该漏洞源于jq在jq语言级别接受嵌入的NUL字节在导入路径中,但随后在模块和数据文件查找期间通过C字符串操作解析这些路径,导致逻辑导入字符串与jq实际打开的磁盘路径之间存在不匹配。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-43895
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-43895
请登录查看更多情报信息。
- https://github.com/jqlang/jq/security/advisories/GHSA-7q7g-mrq3-phxrx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-43895
Same Patch Batch · jqlang · 2026-05-11 · 7 CVEs total
| CVE-2026-43896 | 6.2 MEDIUM | jq: Stack Overflow in Recursive Object Merge |
| CVE-2026-43894 | 6.2 MEDIUM | jq: Wild stack write via signed-integer overflow in decNumber D2U() macro |
| CVE-2026-41256 | 5.5 MEDIUM | jq: Embedded NUL truncates top-level jq programs loaded with -f |
| CVE-2026-41257 | jq: Signed-int overflow in `stack_reallocate` (jq VM stack) | |
| CVE-2026-40612 | jq: Stack overflow via unbounded recursion in jv_contains | |
| CVE-2026-44777 | jq: stack overflow in module loading on mutual `include` |
IV. Related Vulnerabilities
Same product: jq
- CVE-2026-43896
jq: Stack Overflow in Recursive Object Merge - CVE-2026-44777
jq: stack overflow in module loading on mutual `include` - CVE-2026-43894
jq: Wild stack write via signed-integer overflow in decNumbe - CVE-2026-41256
jq: Embedded NUL truncates top-level jq programs loaded with - CVE-2026-40612
jq: Stack overflow via unbounded recursion in jv_contains
Same vendor: jqlang
- CVE-2026-43896
jq: Stack Overflow in Recursive Object Merge - CVE-2026-44777
jq: stack overflow in module loading on mutual `include` - CVE-2026-43894
jq: Wild stack write via signed-integer overflow in decNumbe - CVE-2026-41256
jq: Embedded NUL truncates top-level jq programs loaded with - CVE-2026-40612
jq: Stack overflow via unbounded recursion in jv_contains
V. Comments for CVE-2026-43895
No comments yet