CVE-2026-44777

Description

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other.

References

• https://github.com/jqlang/jq/security/advisories/GHSA-rmpv-jgvr-wpr9