| [Japanese] | |
JVNDB-2026-000093 | |
RPG MAKER MV and MZ vulnerable to OS command injection | |
| Overview | |
RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. are game development tools, which provide "save data" facility to create a file to preserve game status and related parameters. A user can save the current game status to a save-file, and later load the file to resume playing the game. | |
| CVSS Severity (What is CVSS?) | |
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
CVSS v4 Severity
Base Metrics: 8.4 (High) [IPA Score]
| |
| Affected Products | |
|
| |
Gotcha Gotcha Games Inc. | |
|
| |
| Impact | |
If a user loads a specially crafted save-file, arbitrary OS command may be executed. | |
| Solution | |
[Apply the Workaround] | |
| Vendor Information | |
Gotcha Gotcha Games Inc. | |
| CWE (What is CWE?) | |
| |
| CVE (What is CVE?) | |
|
| |
| References | |
| |
| Revision History | |
|
| Date Public | 2026/06/30 |
| Date First Published | 2026/06/30 |
| Date Last Updated | 2026/06/30 |


