RCE vulnerability?

There is a new exploit floating around from that guy who made AA-20 into IRIS-Ts and it’s been been reported on the bug tracker and the staff is aware of it. However the bug is labeled as an RCE exploit. Can we get an official response on whether this can compromise our system (is it really an RCE exploit)?

Link to the report : Community Bug Reporting System


I’ll personally avoid playing the game for the rest of the week as well as next week. Don’t want to risk it


Even if this isn’t an RCE on the client, it’s still somehow overriding server’s authority. I hope this is a server side exploit and not an client RCE, similar to those server crashers from CS:GO. @Smin1080p can we get an official response? Is the game safe to play?


Our team studying this situation and working to ensure that this does not happen again in the future.

If you meet similar players, please provide any information about them - profile link, replay, video from the battle, screenshot, etc.


I definitely will but this doesn’t answer my question of whether this is a Remote Code Execution exploit that would put players, their machines and personal data at risk. I am all for banning cheaters but this feels secondary in this situation. I would rather have my match ruined that get my data stolen/held at ransom, or worse. Can you keep us updated as developers uncover the situation?


Is there any progress on the investigation?

1 Like

This didn’t answer the most important question in the post.
is it RCE? is my system vulnerable while playing at the moment?


No it doesn’t. I didn’t see that thread, and they would have removed this one as well. The last one probably got delete because it probably linked to a video of someone cheating

1 Like

The silence is concerning, nonetheless.

There’s no evidence of it being anything other than in-match related.
If you are really concerned, just go play ground RB for a bit.

1 Like

An RCE exploit could just as effectively be used against ground players.

The guy was literally kicking entire lobbies.

It’s limited to the match, which means it can’t leave the match.
On top of that, if it’s a script then they’re not running EAC so they cannot enter ground RB.

As far as I am aware, they were doing it in ARB.

(I think it requires EAC? Not sure as I’ve always launched with it.)

EAC is only required for ground RB and naval, I think ground sim as well tho I cannot remember.

You are way out of your depth here mate.

“You can’t cheat on VAC enabled servers” energy

No one said what you think they said if that’s the first response you have. I can’t even help clarify the statement cause your response is weird.

1 Like

i don’t think you know what you are talking about here.
The fact that the hacker can force “J-out” players could imply that he has RCE access to their WT-clients and not only the server or sending packets to the server.

having EAC enabled or not isn’t a definitively prevention of hacks. anti-cheat systems have historically been and continue to be bypassed even when active on the users PC.

1 Like

if it’s a script then they’re not running EAC so they cannot enter ground RB.

You have no idea how cheats and anti cheat software works


I know exactly how both work [talking about both on the forum is a rule violation though so neither of us can get into details], and what you responded to still doesn’t change the fact that the now banned player wasn’t running EAC on their client.