CVE Catalog
CVE-2026-53914
MediumCVSS 6.7Exploitation Probability (EPSS)
Low risk0.20%
9th percentile — higher than 9% of all known CVEs
Summary
In JetBrains Kotlin before version 2.4.20, a vulnerability was found that allows code execution via unsafe deserialization in the build cache metadata.
Risk Assessment
An attacker can remotely execute arbitrary code on the build server, leading to control over the build process and potential compromise of artifact integrity.
Recommendation
Immediately update JetBrains Kotlin to version 2.4.20 or later, which includes a fix for the unsafe deserialization issue.
Original NVD description (English source)
In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata

