Skip to main content

Kotlin

7 CVEs product

Monthly

CVE-2026-53914 CRITICAL PATCH Act Now

Remote code execution in JetBrains Kotlin before 2.4.20 stems from unsafe deserialization (CWE-502) of build cache metadata, allowing an attacker who can influence cached build artifacts to execute arbitrary code during a build. The flaw carries a CVSS 9.8 (C:H/I:H/A:H) rating, but there is no public exploit identified at time of analysis and EPSS is very low (0.11%, 2nd percentile), and CISA SSVC marks exploitation as 'none'. JetBrains, who reported the issue, has released a fixed version (2.4.20).

Deserialization RCE Kotlin
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-26154 LIB MEDIUM POC PATCH This Month

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure C Core Kotlin Pubnub Swift
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-24329 Maven MEDIUM PATCH This Month

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kotlin Communications Cloud Native Core Binding Support Function Communications Pricing Design Center
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2020-15824 HIGH PATCH This Week

In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kotlin Banking Extensibility Workbench Communications Cloud Native Core Policy
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10103 HIGH This Week

JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kotlin
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2019-10102 HIGH This Week

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kotlin Ktor
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2019-10101 HIGH POC This Week

JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Kotlin
NVD
CVSS 3.1
8.1
EPSS
1.6%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in JetBrains Kotlin before 2.4.20 stems from unsafe deserialization (CWE-502) of build cache metadata, allowing an attacker who can influence cached build artifacts to execute arbitrary code during a build. The flaw carries a CVSS 9.8 (C:H/I:H/A:H) rating, but there is no public exploit identified at time of analysis and EPSS is very low (0.11%, 2nd percentile), and CISA SSVC marks exploitation as 'none'. JetBrains, who reported the issue, has released a fixed version (2.4.20).

Deserialization RCE Kotlin
NVD VulDB
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure C Core Kotlin +2
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kotlin Communications Cloud Native Core Binding Support Function +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kotlin Banking Extensibility Workbench +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kotlin
NVD
EPSS 1% CVSS 8.1
HIGH This Week

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kotlin Ktor
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Kotlin
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy