CVE-2026-33947 | jqlang jq up to 1.8.1 src/jv_aux.c jv_setpath/jv_getpath/delpaths_sorted path recursion (GHSA-xwrw-4f8h-rjvg)

Inserito da Angelo Barbosa | Apr 14, 2026 | CVE

A vulnerability categorized as problematic has been discovered in jqlang jq up to 1.8.1. The impacted element is the function jv_setpath/jv_getpath/delpaths_sorted of the file src/jv_aux.c. Executing a manipulation of the argument path can lead to uncontrolled recursion.

This vulnerability is tracked as CVE-2026-33947. The attack is restricted to local execution. No exploit exists.

Applying a patch is advised to resolve this issue.

CVE-2026-33947 | jqlang jq up to 1.8.1 src/jv_aux.c jv_setpath/jv_getpath/delpaths_sorted path recursion (GHSA-xwrw-4f8h-rjvg)

Post correlati

CVE-2025-4080 | PHPGurukul Online Nurse Hiring System 1.0 /admin/view-request.php viewid sql injection

CVE-2024-48859 | QNAP QTS/QuTS hero improper authentication (qsa-24-49)

CVE-2025-4540 | MTSoftware C-Lodop 6.6.1.1 CLodopPrintService unquoted search path

CVE-2026-4086 | newbiesup WP Random Button Plugin up to 1.0 on WordPress Shortcode random_button_html nocat cross site scripting