JetBrains Kotlin <2.4.20 Uns. Deser. in Build Cache Metadata Assigner
CVE-2026-53914 Published on June 26, 2026

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata

NVD

Vulnerability Analysis

CVE-2026-53914 is exploitable with local system access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2026-53914 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.


Products Associated with CVE-2026-53914

Want to know whenever a new CVE is published for JetBrains Kotlin? stack.watch will email you.

 

Affected Versions

JetBrains Kotlin: