CVE-2026-50663
Microsoft · Age of Empires II: Definitive Edition Game
A relative path traversal vulnerability in Age of Empires II: Definitive Edition allows an unauthenticated attacker to execute code over a network.
Executive summary
A critical path traversal vulnerability in Age of Empires II: Definitive Edition enables unauthenticated remote code execution via network interaction.
Vulnerability
This issue is a relative path traversal vulnerability (CWE-23) that allows an unauthenticated attacker to manipulate file paths and execute arbitrary code by interacting with the game over a network.
Business impact
The ability for an unauthenticated attacker to execute code remotely poses a severe risk to end-user systems, potentially leading to full system compromise or the installation of malicious software. With a CVSS score of 8.8, this vulnerability is highly dangerous for any user playing the game, as it can be leveraged to gain unauthorized access to the underlying host machine.
Remediation
Immediate Action: Update Age of Empires II: Definitive Edition to version 101.103.46651.0 or later via the appropriate game distribution platform.
Proactive Monitoring: Monitor for unusual network activity or unexpected file modifications on systems where the game is installed.
Compensating Controls: Use endpoint protection solutions to detect and block suspicious child processes or unauthorized file operations initiated by the game executable.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
All players and administrators managing systems with this game installed should prioritize the update. The combination of remote code execution capabilities and the lack of authentication requirements makes this a high-priority security update.