Skip to main content

Rpg Maker Mv

1 CVEs product

Monthly

CVE-2026-56137 HIGH This Week

Arbitrary OS command execution in RPG Maker MV and MZ (Gotcha Gotcha Games) is triggered when a victim loads a maliciously crafted save-file, allowing an attacker to run commands with the privileges of the game process. The flaw is a classic OS command injection (CWE-78) reported through JPCERT/JVN; no public exploit has been identified at time of analysis and it is not in CISA KEV. Because exploitation is local and requires the user to load attacker-supplied data, impact hinges on social-engineering victims into opening untrusted saves.

Command Injection Rpg Maker Mv Rpg Maker Mz
NVD VulDB
CVSS 4.0
8.4
EPSS
0.7%
EPSS 1% CVSS 8.4
HIGH This Week

Arbitrary OS command execution in RPG Maker MV and MZ (Gotcha Gotcha Games) is triggered when a victim loads a maliciously crafted save-file, allowing an attacker to run commands with the privileges of the game process. The flaw is a classic OS command injection (CWE-78) reported through JPCERT/JVN; no public exploit has been identified at time of analysis and it is not in CISA KEV. Because exploitation is local and requires the user to load attacker-supplied data, impact hinges on social-engineering victims into opening untrusted saves.

Command Injection Rpg Maker Mv Rpg Maker Mz
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy