A newly disclosed vulnerability in jq, the ubiquitous command-line JSON processor, has raised alarms across DevOps and security teams. Tracked as CVE-2026-43895, this moderate-severity flaw allows attackers to craft import paths containing embedded NUL characters, bypassing redaction filters in automated data processing pipelines. The bug, published in May 2026, is now monitored by GitHub’s Security Advisory Database, the National Vulnerability Database (NVD), and Microsoft’s Security Update Guide, underscoring its broad reach across development ecosystems.

jq has long been the Swiss Army knife for slicing, filtering, mapping, and transforming JSON. It is deeply embedded in countless CI/CD pipelines, log parsers, and cloud automation scripts. Its concise syntax and portability made it a favorite among developers on Linux, macOS, and increasingly, on Windows through WSL, MSYS2, and native builds. But that ubiquity now amplifies the risk: a single malformed input can silently exfiltrate secrets that jq was supposed to scrub.

How the NUL Byte Import Path Attack Works

At the core of CVE-2026-43895 lies the mishandling of NUL (\0) characters within the import directive. jq supports a module system that can load filters from external files using import "path" as $module; or its longer include counterpart. When parsing the import path, jq relies on standard C-style string routines that treat a NUL byte as the string terminator. Consequently, a path like "sensitive.redacted\0bypass.json" is truncated to "sensitive.redacted" after the NUL.

An attacker who controls part of the JSON input or the filter expression—common in multi-tenant systems or when jq processes user-supplied queries—can inject a NUL byte into the filename. jq then loads a file the developer never intended, potentially one containing unfiltered secrets. The redaction logic, which was meant to mask or remove sensitive fields, is effectively short-circuited because jq uses the truncated path to locate the module, not the fully specified, sanitized path.

Consider a pipeline that uses jq to redact API keys before forwarding logs to a public dashboard. A filter like:

jq -n 'import "redact_functions" as f; ... | f::strip_secrets'

If an attacker can influence the environment or command line to embed a NUL in the import string, jq might instead load a different file entirely—perhaps an empty or malicious filter that does nothing. The result is that the supposedly redacted output retains all the original secrets, which then flow downstream unchecked.

Real-World Impact in DevOps Pipelines

The vulnerability is particularly dangerous in automated settings where jq is invoked with dynamic paths. Continuous integration and continuous deployment (CI/CD) workflows often use jq to parse build artifacts, extract environment variables, or mask credentials before logging. A compromised build script, a malicious pull request, or a dependency confusion attack could slip a NUL-byte-laced import into the jq command, defeating the redaction step without any visible error.

Because jq’s import mechanism is quiet by default, the substitution happens silently. There is no warning that the intended redaction module was not loaded. Security scanners looking for plain-text secrets in logs might then miss the exposure, as the data appears only after the jq transformation has failed. This makes CVE-2026-43895 a potent enabler of data leaks, even if it cannot directly execute arbitrary code.

Affected Versions and Patching

The jq maintainers have acknowledged the flaw and released a patch. All versions of jq prior to the fix are susceptible. The patched build, available from the official GitHub repository, ensures that import paths are validated and NUL characters are either rejected or properly escaped before the file system lookup. The exact version number will vary by distribution, but the fix is backported to the most widely used stable branches.

Microsoft’s inclusion in the Security Update Guide indicates that jq is either bundled with certain Microsoft products or that the vulnerability affects Windows-based jq installations in a way that warrants a coordinated response. Developers running jq on Windows—whether natively, via WSL, or inside containers—should prioritize updating. The NVD entry provides a CVSS score, expected to be in the moderate range (around 5.0–6.5), reflecting the need for a specific attack vector but the high impact when exploited.

Official Tracking and Advisories

GitHub issued a security advisory (GHSA-pending) alongside the CVE assignment, detailing the technical reproduction steps and a proof-of-concept. The advisory emphasizes that while the immediate risk is most acute for systems where external input reaches the jq interpreter, the sheer volume of jq usage makes a far-reaching audit advisable. Microsoft’s Security Update Guide references the same CVE, advising Windows administrators to apply any relevant OS updates that may include the fixed jq binary. The NVD’s entry provides a single source of truth for vulnerability management teams.

Mitigation and Workarounds

Until patching can be completed, security teams can mitigate the risk with simple controls:

  • Input sanitization: Scan and reject any input containing NUL bytes before it reaches jq. Most scripting languages and shell utilities have ready methods to strip such characters.
  • Hardcoding paths: Wherever feasible, hardcode jq module paths rather than constructing them from variables or user input. Static paths are immune to truncation attacks.
  • File system permissions: Restrict jq’s module search path to a directory containing only trusted, read-only filter files. If an attacker cannot write to that directory, the truncated path becomes harmless.
  • Command-line auditing: Review all CI/CD configurations and container images that call jq with the -L or --module flags, ensuring no opportunity for tainted input.
  • Runtime monitoring: Enable verbose logging in jq during testing to spot unexpected file loads; while not a production solution, it can aid forensics.

Broader Implications for Supply Chain Security

CVE-2026-43895 is not an isolated slip. It mirrors a class of NUL-byte vulnerabilities that have plagued parsers and interpreters for decades—from PHP’s null-byte issues to Python’s path handling quirks. The incident reinforces the importance of treating all external input as hostile, even in small, trusted tools like jq. For years, developers have reflexively piped JSON through jq without considering that the filter expression itself could be an attack vector.

The pipeline-centric nature of modern software delivery makes every link a potential weak point. A tool that handles secrets, even ephemerally, must be as rigorously vetted as any network-facing service. Organizations should now add jq to their dependency scanning tools and include it in regular security reviews, especially given its frequent appearance in cloud-init scripts, GitHub Actions workflows, and Dockerfiles.

Microsoft’s direct involvement also highlights the growing recognition that command-line tools in the Windows ecosystem are just as critical as kernel modules. The integration of jq into Windows environments—through package managers like winget and Choco, and as a companion to PowerShell—has brought Linux-like agility to Windows automation. But it also imports Linux-born vulnerabilities. Administrators who manage hybrid environments must now patch jq with the same urgency they apply to Windows updates.

Looking Ahead

The response to CVE-2026-43895 will likely accelerate efforts to harden jq’s string handling more broadly. The maintainers have already signaled plans for a security-focused audit of all file I/O operations, not just imports. Feature discussions are underway to allow jq filters to explicitly declare a safe mode where external file access is disabled entirely—a move that would eliminate an entire class of injection attacks.

For the Windows community, this CVE serves as a reminder that the security posture of cross-platform tools cannot be an afterthought. As the line between operating systems blurs, vulnerabilities travel faster and hit harder. Patch management, configuration hardening, and a culture of security-as-code are the only durable defenses.

CVE-2026-43895 will not be the last flaw found in a beloved open-source utility. But it offers a clear lesson: when a tool has the power to transform and transport data silently, the paths it takes demand our strictest scrutiny.