Main Vulnerability Database Exploits ID:12697 - Exploit for Improper Neutralization of Null Byte or NUL Character in jq - CVE-2026-43895

ID:12697 - Exploit for Improper Neutralization of Null Byte or NUL Character in jq - CVE-2026-43895

Published: May 11, 2026

Vulnerability identifier: #VU130919

Vulnerability risk: Low

CVE-ID: CVE-2026-43895

CWE-ID: CWE-158

Exploitation vector: Local access

Vulnerable software:
jq

Link to public exploit:

https://github.com/jqlang/jq/security/advisories/GHSA-7q7g-mrq3-phxr/#poc

Vulnerability description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to improper neutralization of null byte or NUL character in src/linker.c. A local user can cause the target application to load a different module or JSON data file than the one approved by the policy layer.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:12697 - Exploit for Improper Neutralization of Null Byte or NUL Character in jq - CVE-2026-43895

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human