Intel

AIKIDO-2026-188556

kotlin-stdlib is vulnerable to Unsafe Deserialization

Unsafe DeserializationCVE-2026-53914 Published Jul 1, 2026

67

Medium Risk

This Affects:

JAVAkotlin-stdlib
0.0.1 - 2.4.19
Fixed in 2.4.20
Are you affected? Scan for Free

TL;DR

In JetBrains Kotlin before 2.4.20 code execution is possible via unsafe deserialization in the build cache metadata.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

kotlin-stdlib is vulnerable to Unsafe Deserialization in versions 0.0.1 - 2.4.19.

How to fix this

Upgrade JetBrains Kotlin to the patch version.