CVE-2026-13501 | antlr ANTLR4 up to 4.13.2 gofmt GoTarget.java GoTarget command injection

A vulnerability identified as critical has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerability is the function GoTarget of the file tool/src/org/antlr/v4/codegen/target/GoTarget.java of the component gofmt. The manipulation leads to command injection.

This vulnerability is referenced as CVE-2026-13501. The attack can only be performed from a local environment. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-13501 | antlr ANTLR4 up to 4.13.2 gofmt GoTarget.java GoTarget command injection

Post correlati

CVE-2024-31113 | Easy Digital Downloads Plugin up to 3.2.11 on WordPress cross-site request forgery

CVE-2025-21397 | Microsoft

CVE-2026-30932 | Froxlor up to 2.3.4 API Endpoint DomainZones.add injection (GHSA-x6w6-2xwp-3jh6)

CVE-2025-6543 | Citrix NetScaler ADC/NetScaler Gateway prior 13.1-37.236-FIPS/13.1-59.19/14.1-47.46 memory corruption (CTX694788)