Threats Tagged 'cve-2026-33948'
View all threats tagged with 'cve-2026-33948'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-33948'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-33948: CWE-170: Improper Null Termination in jqlang jqCVE-2026-33948 0 jq versions prior to commit 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where input parsing improperly handles embedded NUL bytes. The tool uses strlen() instead of the actual byte count from fgets(), causing it to truncate input at the first NUL byte and only validate the prefix as JSON. This allows attackers to craft inputs with a valid JSON prefix followed by malicious trailing data that jq ignores but downstream consumers may process. This vulnerability has been patched in the specified commit. Join the discussion | CVE Database V5 | 04/13/2026, 23:51:04 UTC Added: 04/14/2026, 00:01:53 UTC |
Showing 1 to 1 of 1 result