Possible RCE
closed
DefenselessDeer
Yesterday I was in EN-JP and everyone in the server got moved into a different room then had our menus opened and spammed clicking through a bunch of groups. This happened twice, the first time we were able to close our menus and everything was fine, the second time around 15-20 mins later clicked through even more groups. Then loaded everyone into a new screaming world with the loading screen for the sunset bar. The only way to leave the world was a task manager shutdown of the game. This happened to all players in the lobby i talked to afterwards, regardless of being PCVR, Quest, Pico, Android. I've played the game for a long time but never have I somehow been forced into joining a new world or had my personal menus messed with. I've saved my logs as suggested by a user on reddit. Another thing to note, the world i was forced into did not show up on my recent worlds tab at all
Log In
StormRel
closed
Please make a support ticket about this, Canny is for bug reports. Thank you!
Salbug
I highly recommend contacting support and providing them with all the details you have. Documenting potential security issues on Canny is not a good practice and is generally discouraged.
DefenselessDeer
Salbug There isn't an issue category for it there and I'm not sure, someone on reddit told me to post it here from my post there.
Salbug
DefenselessDeer To report a potential RCE, select 'App/Website Security Exploit Report.' As I mentioned, discussing potential security exploits in a public channel is not good practice. Please contact support about this. They take security reports very seriously.