CVE-2026-50663: Game: Age of Empires II: Definitive Edition Remote Code Execution Vulnerability

Overview

Severity
High (CVSS 8.8)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category
Remote Code Execution
Exploit Status
Not Exploited
Exploitation Likelihood
Less Likely
Patch Tuesday
2026-Jul
Released
2026-07-14
EPSS Score
0.65% (percentile: 47.0%)

Description

Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network.

FAQ

How could an attacker exploit the vulnerability? An attacker could create a specially crafted game scenario file and convince a user to open it, which allows the file to write content outside the intended game directory. By doing this, the attacker can place malicious files in unexpected locations, potentially enabling code to run on the affected system.

Affected Products (1)

Other

  • Age of Empires II: Definitive Edition Game

Security Updates (1)

Acknowledgments

<a href="https://x.com/rdjgr">Rick de Jager</a>

Revision History

  • 2026-07-14: Information published.