CVE-2026-13503 is a path traversal vulnerability in ANTLR4 up to version 4.13.2. The issue affects the function getImportedVocabFile in the file tool/src/org/antlr/v4/parse/TokenVocabParser.java, part of the tokenVocab Grammar Option Handler component. The vulnerability can be exploited remotely, and a public exploit is available. The vendor, antlr, was contacted but did not respond. The vu [truncated]
CVE-2026-13501 is a command injection vulnerability in ANTLR4 up to 4.13.2. The vulnerability affects the GoTarget function in the file tool/src/org/antlr/v4/codegen/target/GoTarget.java of the component gofmt. Manipulation leads to command injection, and the attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The vendor was contacted [truncated]
CVE-2026-13500 is a code injection vulnerability in ANTLR4 up to 4.13.2. The vulnerability affects an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java in the Grammar Action Block Handler component. This weakness can be exploited remotely, and a public exploit is available. The vendor was contacted but did not respond. The CVSS score is 5.5, and the severity is MEDIUM.