A vulnerability labeled as critical has been found in antlr ANTLR4 up to 4.13.2. The issue affects the function getImportedVocabFile in the file tool/src/org/antlr/v4/parse/TokenVocabParser.java, part of the component tokenVocab Grammar Option Handler. The manipulation results in path traversal.

This vulnerability is identified as CVE-2026-13503. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.
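
The path traversal class described above, shown as an added example that is not ANTLR's code and not part of the original advisory: an option value joined to a library directory without checks, beside a containment check that a build wrapper could apply before invoking the tool. The class, the method names and the sample values are hypothetical and constructed; the only detail taken from ANTLR is the .tokens extension of vocabulary files.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration. Class and method names are hypothetical; this is a
// simplified model of option-to-path resolution, not ANTLR's source.
public class VocabPathCheck {
    static final String VOCAB_EXT = ".tokens"; // ANTLR token vocabulary extension

    // Unchecked: the option value is joined to the directory as-is, so
    // "../" segments or an absolute path select a file outside libDir.
    static Path resolveUnchecked(Path libDir, String vocabName) {
        return libDir.resolve(vocabName + VOCAB_EXT).normalize();
    }

    // Checked: the normalized result must stay under the real libDir.
    static Path resolveChecked(Path libDir, String vocabName) throws IOException {
        if (vocabName == null || vocabName.isEmpty() || vocabName.indexOf('\0') >= 0) {
            throw new IOException("invalid tokenVocab value");
        }
        Path base = libDir.toRealPath();
        Path candidate = base.resolve(vocabName + VOCAB_EXT).normalize();
        if (!candidate.startsWith(base)) {
            throw new IOException("tokenVocab escapes " + base + ": " + vocabName);
        }
        // A symlink inside libDir can still point outside it; re-check the target.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base)) {
            throw new IOException("tokenVocab resolves outside " + base + ": " + vocabName);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path lib = Files.createTempDirectory("antlr-lib"); // constructed sample directory
        Files.createFile(lib.resolve("CommonLexer.tokens"));
        // Constructed sample option values, as they could appear in a grammar file.
        String[] samples = {"CommonLexer", "sub/../CommonLexer", "../outside/Secret", "/tmp/Other"};
        for (String name : samples) {
            System.out.println("unchecked " + name + " -> " + resolveUnchecked(lib, name));
            try {
                System.out.println("checked   " + name + " -> " + resolveChecked(lib, name));
            } catch (IOException e) {
                System.out.println("rejected  " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Path.startsWith compares whole path components, so a sibling directory whose name merely begins with the library directory's name does not pass the containment check.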