A vulnerability classified as critical has been detected in jqlang jq up to 1.8.1. It affects the function `jv_string_append_buf`, where manipulation of the input results in an out-of-bounds write. The vulnerability is tracked as CVE-2026-49839. The attack requires local access. No exploit exists. You should upgrade the affected component.