CVE-2026-50663

Microsoft · Age of Empires II: Definitive Edition Game

A relative path traversal vulnerability in Age of Empires II: Definitive Edition allows an unauthenticated attacker to execute code over a network.

Executive summary

A critical path traversal vulnerability in Age of Empires II: Definitive Edition enables unauthenticated remote code execution via network interaction.

Vulnerability

This issue is a relative path traversal vulnerability (CWE-23) that allows an unauthenticated attacker to manipulate file paths and execute arbitrary code by interacting with the game over a network.

Business impact

The ability for an unauthenticated attacker to execute code remotely poses a severe risk to end-user systems, potentially leading to full system compromise or the installation of malicious software. With a CVSS score of 8.8, this vulnerability is highly dangerous for any user playing the game, as it can be leveraged to gain unauthorized access to the underlying host machine.

Remediation

Immediate Action: Update Age of Empires II: Definitive Edition to version 101.103.46651.0 or later via the appropriate game distribution platform.

Proactive Monitoring: Monitor for unusual network activity or unexpected file modifications on systems where the game is installed.

Compensating Controls: Use endpoint protection solutions to detect and block suspicious child processes or unauthorized file operations initiated by the game executable.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

All players and administrators managing systems with this game installed should prioritize the update. The combination of remote code execution capabilities and the lack of authentication requirements makes this a high-priority security update.