VYPR
Unrated severity · NVD Advisory · Published Aug 8, 2024 · Updated Aug 9, 2024

VR Overlay RCE

CVE-2024-42366

Description

VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, an over-permissioned CefSharp browser and cross-site scripting via overlay notifications can be combined to achieve remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, the VRCX maintainers worked with the VRC team to block the older version of VRCX on the VRC API side. Users of the older version of VRCX must update their installation to continue using VRCX.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • VRCX/VRCX (llm-create)
    Range: < 2024.03.23
  • vrcx-team/VRCX (v5)
    Range: < 2024.03.23

Vulnerability mechanics

Root cause

"A combination of cross-site scripting via overlay notifications and an over-privileged CefSharp browser allows for remote command execution."

Attack vector

An attacker can exploit a cross-site scripting vulnerability in VRCX's overlay notification feature by crafting a malicious display name that bypasses VRChat's restrictions [ref_id=2]. This crafted input can then be used to invoke the `StartGameFromPath` method exposed by the CefSharp browser's `AppApi` object, allowing the attacker to execute arbitrary commands on the victim's system [ref_id=2].
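The two weaknesses in this chain and their mitigations, as an added example that is not VRCX code: untrusted display names are HTML-escaped before they reach notification markup, and the page is handed only an allowlisted subset of host methods. All function names, the `fakeHostApi` object and the sample display name are hypothetical and constructed for illustration.

```javascript
// Added example with hypothetical names; not code from VRCX.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML structure.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: the untrusted display name is concatenated into markup,
// so any tags it carries are parsed by the embedded browser.
function renderNotificationUnsafe(displayName, message) {
  return `<div class="notify"><b>${displayName}</b> ${message}</div>`;
}

// Hardened form: every untrusted field is escaped at the output boundary.
function renderNotificationSafe(displayName, message) {
  return `<div class="notify"><b>${escapeHtml(displayName)}</b> ${escapeHtml(message)}</div>`;
}

// Least privilege for the host bridge: expose only the methods the overlay
// page needs, so a script running in the page cannot reach anything else.
function makeOverlayBridge(hostApi, allowedMethods) {
  const bridge = Object.create(null);
  for (const name of allowedMethods) {
    if (typeof hostApi[name] !== 'function') {
      throw new Error(`unknown host method: ${name}`);
    }
    bridge[name] = (...args) => hostApi[name](...args);
  }
  return Object.freeze(bridge);
}

// Constructed sample data (assumptions, not taken from the advisory).
const sampleName = 'Alice<img src=x onerror=1>';
const fakeHostApi = {
  getOverlayConfig: () => ({ opacity: 0.8 }),
  // Stand-in for a process-launching host method.
  launchFromPath: (path) => `would launch ${path}`,
};
const overlayBridge = makeOverlayBridge(fakeHostApi, ['getOverlayConfig']);

console.log(renderNotificationUnsafe(sampleName, 'joined'));
console.log(renderNotificationSafe(sampleName, 'joined'));
console.log(Object.keys(overlayBridge));
```

Either control alone breaks the chain described above; applying both means a missed escape in one notification path does not expose a process-launching method to page script.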

Affected code

The vulnerability lies within the CefSharp browser component and its exposed `AppApi` object, specifically the `StartGameFromPath` method in `Dotnet/AppApi/GameHandler.cs` [ref_id=2]. Additionally, the cross-site scripting vulnerability stems from how overlay notifications are handled, particularly in the `html/src/vr.js` file [ref_id=2]. The patch modifies the `WorldDBManager` class in `WorldDBManager.cs` [ref_id=1].

What the fix does

The patch addresses the vulnerability by modifying the `WorldDBManager` class to correctly handle the 'global' world override and by ensuring that external reads are allowed for 'global' or explicitly permitted worlds [ref_id=1]. This prevents the misuse of the overlay notification system and the `AppApi` object, thereby closing the attack vector for remote command execution.

Preconditions

  • input: A specially crafted display name that bypasses VRChat's restrictions.
  • config: The VRCX application must be running and using a version prior to 2024.03.23.

Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
