A vulnerability labeled as critical has been found in antlr ANTLR4 up to 4.13.2 . Affected by this issue is the function getImportedVocabFile of the file tool/src/org/antlr/v4/parse/TokenVocabParser.java of the component tokenVocab Grammar Option Handler . The manipulation results in path traversal. This vulnerability is identified as CVE-2026-13503 . The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in