CVE-2026-50663 is a relative path traversal vulnerability in Age of Empires II: Definitive Edition that Microsoft says can lead to remote code execution. The CVSS v3.1 base score is 8.8 (High) with a temporal score of 7.7; the vector is network-based, requires no privileges, but does require user interaction. Microsoft lists exploitation as not publicly disclosed and not exploited, with exploit code maturity unproven. The FAQ states an attacker could craft a game scenario file and convince a user to open it, allowing writes outside the intended game directory and potentially enabling code execution on the affected system. This is relevant for enterprise environments where users may open untrusted game files. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; network attack vector, LOW attack complexity, NO privileges required, but USER INTERACTION is REQUIRED. - Severity for enterprise: High severity if users can open untrusted scenario files, but the need for user interaction reduces risk compared with fully remote, unauthenticated attacks. - Patch status: available; customer action required. Affected systems: - No products listed in the provided product_tree.