CVE Catalog

CVE-2026-56137

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.68%

48th percentile — higher than 48% of all known CVEs

Summary

RPG MAKER MV and MZ from Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. Loading a specially crafted save file may execute arbitrary OS commands.

Risk Assessment

An attacker can remotely execute arbitrary commands on the victim's system, potentially leading to full device compromise, data theft, or malware installation.

Recommendation

Immediately update RPG MAKER MV and MZ to the latest version and avoid opening save files from untrusted sources.

Original NVD description (English source)

RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS