CVE-2026-13502 | antlr ANTLR4 up to 4.13.2 Maven Plugin GrammarDependencies.java ObjectInputStream.readObject toctou

A vulnerability marked as problematic has been reported in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use.

This vulnerability is tracked as CVE-2026-13502. The attack is restricted to local execution. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-13502 | antlr ANTLR4 up to 4.13.2 Maven Plugin GrammarDependencies.java ObjectInputStream.readObject toctou

Post correlati

CVE-2026-42295 | argoproj argo-workflows up to 4.0.4 Artifact Repository Credential insufficiently protected credentials

CVE-2025-49463 | Zoom Workplace/Meeting SDK/Rooms/Rooms Controller up to 6.4.4 on iOS control flow

CVE-2023-48966 | ThinkAdmin 6.1.53 ZIP File unrestricted upload

CVE-2024-35911 | Linux Kernel up to 6.6.25/6.8.4 ice_vsi_free_q_vectors null pointer dereference (e40a02f06ceb/11ff8392943e/1cb7fdb1dfde)