CVE-2026-32316 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: April 13, 2026
jq - Integer Overflow & Heap-based Buffer Overflow
Overview
jq <= 1.8.1 contains an integer overflow caused by a lack of string size bounds checking in jvp_string_append() and jvp_string_copy_replace_bad(). By crafting large strings, an attacker can cause a heap buffer overflow and potentially code execution. Exploitation requires evaluation of untrusted jq queries.
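The missing bounds check described above, shown as an added example that is not jq's code and not the fix commit. The `lstr` type and the functions `wrapped_total`, `checked_total` and `lstr_append` are hypothetical names in a simplified model of a string whose length is held in a signed 32-bit int.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-prefixed string: a simplified model, not jq's jvp_string. */
typedef struct {
    int   len;   /* bytes in use, held in a signed 32-bit int */
    char *data;  /* heap buffer of at least len bytes */
} lstr;

/* What "cur + add" becomes when stored in a 32-bit signed length with no bounds
 * check. Computed in 64 bits and wrapped by hand so the demo has no UB. */
static int64_t wrapped_total(int cur, int add) {
    int64_t t = (int64_t)cur + (int64_t)add;
    return t > INT32_MAX ? t - ((int64_t)1 << 32) : t;
}

/* Bounds-checked size computation: refuses any sum that does not fit in int. */
static int checked_total(int cur, int add, int *out) {
    if (cur < 0 || add < 0 || add > INT_MAX - cur)
        return -1;
    *out = cur + add;
    return 0;
}

/* Append that validates the combined length before allocating or copying. */
static int lstr_append(lstr *s, const char *src, int n) {
    int total;
    if (checked_total(s->len, n, &total) != 0)
        return -1;                       /* reject: length would overflow */
    char *p = realloc(s->data, (size_t)total + 1);
    if (p == NULL)
        return -1;
    memcpy(p + s->len, src, (size_t)n);
    p[total] = '\0';
    s->data = p;
    s->len = total;
    return 0;
}

int main(void) {
    lstr s = {0, NULL};
    int ok = lstr_append(&s, "abc", 3) == 0 && lstr_append(&s, "def", 3) == 0;
    free(s.data);
    return ok ? 0 : 1;
}
```

A wrapped total is negative or far smaller than the data about to be copied, which is how an undersized allocation ends up receiving an oversized write; the check has to run before the allocation, not after.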
Impact
Attackers can cause process crashes or potentially execute code via heap corruption by crafting large strings in jq queries.
Mitigation
Update to the version including commit e47e56d226519635768e6aab2f38f0ab037c09e5 or later.
Social Media Activity (2 posts)
CVE-2026-32316 - High (8.2) jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes c... https://www.thehackerwire.com/vulnerability/CVE-2026-32316/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-32316
- Severity: High
- CVSS Score: 8.2
- Type: integer_overflow
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-122
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H