Important: jq

🗓️ 22 Jun 2026 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 4 Views

jq rawfile invalid-state causes heap buffer overflow CVE 2026 49839; update with dnf commands.

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2026-49839	25 Jun 202617:17	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : jq, jq-devel (ALAS2023-2026-1860)	22 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-49839	10 Jun 202600:00	–	nessus
AlpineLinux	CVE-2026-49839	25 Jun 202617:17	–	alpinelinux
Circl	CVE-2026-49839	25 Jun 202617:55	–	circl
CVE	CVE-2026-49839	25 Jun 202617:17	–	cve
Cvelist	CVE-2026-49839 jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow	25 Jun 202617:17	–	cvelist
Debian CVE	CVE-2026-49839	25 Jun 202617:17	–	debiancve
EUVD	EUVD-2026-39500	25 Jun 202617:17	–	euvd
NVD	CVE-2026-49839	25 Jun 202618:16	–	nvd

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	jq	1.8.1-60.amzn2023	jq-1.8.1-60.amzn2023.aarch64.rpm
Amazon Linux	2	x86_64	jq	1.8.1-60.amzn2023	jq-1.8.1-60.amzn2023.x86_64.rpm
Amazon Linux	2	aarch64	jq-debuginfo	1.8.1-60.amzn2023	jq-debuginfo-1.8.1-60.amzn2023.aarch64.rpm
Amazon Linux	2	x86_64	jq-debuginfo	1.8.1-60.amzn2023	jq-debuginfo-1.8.1-60.amzn2023.x86_64.rpm
Amazon Linux	2	aarch64	jq-debugsource	1.8.1-60.amzn2023	jq-debugsource-1.8.1-60.amzn2023.aarch64.rpm
Amazon Linux	2	x86_64	jq-debugsource	1.8.1-60.amzn2023	jq-debugsource-1.8.1-60.amzn2023.x86_64.rpm
Amazon Linux	2	aarch64	jq-devel	1.8.1-60.amzn2023	jq-devel-1.8.1-60.amzn2023.aarch64.rpm
Amazon Linux	2	x86_64	jq-devel	1.8.1-60.amzn2023	jq-devel-1.8.1-60.amzn2023.x86_64.rpm

22 Jun 2026 00:00Current

5.8Medium risk

Vulners AI Score5.8

EPSS0.00018

jq heap buffer overflow CVE 2026 49839 update command Amazon Linux 2023 dnf update