A vulnerability identified as critical has been detected in antlr ANTLR4 up to 4.13.2 . Affected by this vulnerability is the function GoTarget of the file tool/src/org/antlr/v4/codegen/target/GoTarget.java of the component gofmt . The manipulation leads to command injection. This vulnerability is referenced as CVE-2026-13501 . The attack can only be performed from a local environment. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond