Relative Path Traversal in Age of Empires II: Definitive Edition by Microsoft
CVE-2026-50663

8.8HIGH

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
14 July 2026

Badges

πŸ”₯ Trending nowπŸ“ˆ TrendedπŸ“ˆ Score: 7,810

What is CVE-2026-50663?

CVE-2026-50663 is a vulnerability found in Age of Empires II: Definitive Edition, a popular real-time strategy game developed by Microsoft. This relative path traversal vulnerability allows unauthorized attackers to execute code remotely over a network. Specifically, it exploits weaknesses in the way file paths are handled, enabling malicious actors to gain access to and manipulate files outside of designated directories. This flaw poses a significant threat to organizations, especially those that rely on this software for entertainment or team-building activities, as it could lead to compromised systems and unauthorized actions on their networks.

Potential impact of CVE-2026-50663

  1. Remote Code Execution: The primary concern with CVE-2026-50663 is its potential to allow attackers to execute arbitrary code on vulnerable systems. This capability could enable the attacker to take full control of the affected game environment and linked resources, leading to far-reaching consequences for system integrity.

  2. Data Exposure and Integrity Risks: Given that the vulnerability allows unauthorized access to files, there is a high risk of data exposure. Sensitive information could be accessed or altered, potentially leading to data theft or manipulation, impacting both gameplay experience and organizational data security.

  3. Network Compromise: If exploited, this vulnerability could facilitate further attacks on an organization's network infrastructure. A compromised game server could serve as a foothold for attackers to pivot to other connected systems, leading to a broader security breach and potential disruption of business operations.

Affected Version(s)

Age of Empires II: Definitive Edition Game 1.0.0 < 101.103.46651.0

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • πŸ“ˆ

    Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved

.