A vulnerability marked as problematic has been reported in antlr ANTLR4 up to 4.13.2 . This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin . This manipulation causes time-of-check time-of-use. This vulnerability is tracked as CVE-2026-13502 . The attack is restricted to local execution. Moreover, an exploit is present. The vendor was contacted early about this disclosure