Multiple jq Vulnerabilities in Ubuntu 26.04 LTS Lead to DoS and Code Execution Risks
Severity: Medium (Score: 57.8)
Sources: Linuxsecurity, Ubuntu
Summary
On April 28, 2026, Ubuntu released USN-8202-2 addressing several vulnerabilities in jq, a command-line JSON processor. These vulnerabilities include improper handling of string concatenations (CVE-2026-32316), recursion (CVE-2026-33947), improperly terminated strings (CVE-2026-33948), and variable type checking (CVE-2026-39956). Attackers could exploit these issues to cause denial of service or execute arbitrary code. The vulnerabilities were published on April 13, 2026, and affect Ubuntu 26.04 LTS and its derivatives. Users are advised to update their systems to mitigate these risks. The vulnerabilities could potentially lead to sensitive information leaks or service disruptions. The patch is available as part of a standard system update.

Key Points:
- Multiple vulnerabilities in jq could lead to denial of service or arbitrary code execution.
- Affected versions include Ubuntu 26.04 LTS and its derivatives.
- Users should update their systems to the latest package versions to mitigate risks.
Key Entities
- DDoS (attack_type)
- CVE-2026-32316 (cve)
- CVE-2026-33947 (cve)
- CVE-2026-33948 (cve)
- CVE-2026-39956 (cve)
- CVE-2026-39979 (cve)
- Ubuntu (company)