Recently, security researcher @RDJGR revealed details of CVE-2026-50663 on social media. This flaw affects the classic strategy game, Age of Empires II: Definitive Edition. Surprisingly, exploiting this remote code execution bug is quite simple. Furthermore, the attack method is rather comical. Players merely need to join a rogue game lobby to trigger the exploit.
Vulnerability Details
Fundamentally, this weakness involves a path traversal issue.
Attackers achieve remote code execution through crafted game lobbies or file transfers. Specifically, creating many game lobbies forms the simplest exploit method. When players join, they blindly accept user-generated content. Meanwhile, the attacker hides dark code within this content. As the game loads custom maps, it unpacks the bad scripts. Subsequently, it writes these scripts to specific disk paths. Ultimately, the attacker gains full control over the target system.
Advanced Exploit Vectors
Additionally, advanced exploits require no extra player action at all.
Hackers can grab and alter lobby traffic to launch their attacks. To show this, the researcher built a custom proxy tool for the game. Using this tool, attackers can publish maps with fake path names. Consequently, they can overwrite error logs or vital game files. They can even force code execution by blending it with crash bugs.
However, the researcher hid specific details to prevent wide abuse. Yet, they warned that reverse engineering easily uncovers the exact methods. Therefore, upgrading the game version remains the top goal for players. Actually, Microsoft fixed this flaw back in April. The researcher simply waited until now to share the issue publicly.
Microsoft Patches the Flaw
Initially, the security expert reported their facts directly to Microsoft.
Following this, the company confirmed the flaw and shipped a patch. They fixed the bug in the April 2026 update, version 101.103.46651.0. However, Microsoft only assigned a CVE number this week. Notably, they gave this severe threat a high risk score of 8.8.
Therefore, Microsoft strongly urges all users to update their games right now. You can get the newest version via the Microsoft Store or Steam. Once updated, the system blocks this remote code attack safely. Furthermore, the expert advises players to avoid strange game lobbies entirely. Similarly, you should never download custom content from unknown sources. These actions easily create open doors for swift cyber attacks.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.