OS Command Injection in RPG MAKER MV and RPG MAKER MZ - CVE-2026-56137
Published: June 30, 2026
RPG MAKER MV
RPG MAKER MZ
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote unauthenticated attacker can trick a victim to open a specially crafted save-file and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.