CVE-2026-50663
Received Received - Intake

Relative Path Traversal in Age of Empires II Definitive Edition

Vulnerability report for CVE-2026-50663, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft age_of_empires_ii_definitive_edition *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-50663 is a relative path traversal vulnerability in Age of Empires II: Definitive Edition Game. This flaw allows an unauthorized attacker to manipulate file paths in a way that bypasses intended restrictions.

As a result, the attacker can execute arbitrary code over a network without requiring prior authentication or elevated privileges. The vulnerability is classified as a remote code execution (RCE) issue, meaning it can be exploited remotely to take control of the affected system.

Impact Analysis

If you are a user of Age of Empires II: Definitive Edition, this vulnerability could have serious consequences, including:

  • Unauthorized access to your system: An attacker could execute malicious code on your device, potentially gaining full control over it.
  • Data theft or corruption: The attacker may steal sensitive information, such as personal data, saved game files, or credentials stored on the system.
  • Network propagation: If the game is played in a multiplayer or networked environment, the attacker could spread malware to other connected systems.
  • Disruption of gameplay: The attacker could crash the game, corrupt save files, or otherwise disrupt normal gameplay.

The CVSS score of 8.8 (High severity) indicates that this vulnerability poses a significant risk, particularly due to its potential for remote exploitation without user interaction beyond basic engagement with the game.

Compliance Impact

The impact of this vulnerability on compliance with standards and regulations depends on the context in which the game is used. Below are potential implications:

  • GDPR (General Data Protection Regulation): If the game or associated systems process personal data of EU citizens, a successful exploit could lead to unauthorized access or exfiltration of this data. This may result in a breach notification requirement and potential fines for failing to protect personal data adequately.
  • HIPAA (Health Insurance Portability and Accountability Act): If the game or the affected system is used in a healthcare environment (e.g., for training or administrative purposes) and handles protected health information (PHI), a breach could violate HIPAA's security and privacy rules. This could lead to penalties for non-compliance.
  • Other standards (e.g., ISO 27001, NIST): Organizations adhering to cybersecurity frameworks may be required to address this vulnerability as part of their risk management processes. Failure to patch or mitigate the issue could result in non-compliance with internal policies or external audits.

However, the specific compliance impact depends on whether the game is used in a regulated environment or handles sensitive data. For most individual users, compliance concerns may not apply directly.

Detection Guidance

The provided context does not include specific detection methods or commands for identifying the relative path traversal vulnerability in Age of Empires II: Definitive Edition.

To detect this vulnerability, you may need to monitor network traffic for unusual file access patterns or unexpected code execution attempts targeting the game. However, no explicit detection tools or commands are mentioned in the available resources.

Mitigation Strategies

The following steps can help mitigate the vulnerability based on the provided context:

  • Apply the latest security updates or patches provided by Microsoft for Age of Empires II: Definitive Edition. Refer to the Microsoft Security Response Center (MSRC) for the official patch.
  • Restrict network access to the game if it is not required for multiplayer functionality, as the vulnerability allows remote code execution over a network.
  • Monitor official advisories from Microsoft for additional guidance or workarounds until a patch is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50663. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart