CVE Catalog
CVE-2026-56137
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk0.68%
48th percentile — higher than 48% of all known CVEs
Summary
RPG MAKER MV and MZ from Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. Loading a specially crafted save file may execute arbitrary OS commands.
Risk Assessment
An attacker can remotely execute arbitrary commands on the victim's system, potentially leading to full device compromise, data theft, or malware installation.
Recommendation
Immediately update RPG MAKER MV and MZ to the latest version and avoid opening save files from untrusted sources.
Original NVD description (English source)
RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed.

