ATCHED
Project Zomboid
Project Zomboid
Apr 8, 2026
View on Steam

Patching a Zero Day Exploit

2/5 Minor

Critical security update addressing 14 malicious mods in Build 42 and a separate vulnerability fix for Build 41.

Share:

Key Changes

  • 1Removal of 14 malicious music mods from the Steam Workshop
  • 2Security fix for a zero-day exploit in Build 42 branches
  • 3Patch for a separate internal vulnerability in Build 41
  • 4Update to the outdatedunstable branch to match the unstable branch
  • 5New policy for the outdatedunstable branch to lag one content update behind

All Changes

🛡️Security(16)

  • fixBuild 42: Addressed a zero-day exploit in Build 42 branches that allowed malicious mods to create files outside the game directory.
  • fixBuild 41: Patched a separate vulnerability identified during an internal audit.
  • removeRisk of Rain 2 OST (True MoooZIC): Removed Risk of Rain 2 OST (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removeRisk of Rain 1 OST (True MoooZIC): Removed Risk of Rain 1 OST (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removeNieR: Automata OST (True MoooZIC): Removed NieR: Automata OST (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removeKatana ZERO OST (True MoooZIC): Removed Katana ZERO OST (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removePersona 5 OST (True MoooZIC): Removed Persona 5 OST (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removeJujutsu Kaisen S1 OST (True MoooZIC): Removed Jujutsu Kaisen S1 OST (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removeHotline Miami 2: Wrong Number OST (True MoooZIC): Removed Hotline Miami 2: Wrong Number OST (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removeHotline Miami OST (True MoooZIC): Removed Hotline Miami OST (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removeSilent Hill OST (True MoooZIC): Removed Silent Hill OST (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removeCowboy Bebop OST (True MoooZIC): Removed Cowboy Bebop OST (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removeMetal Gear Rising: Revengeance Vocal Tracks (True MoooZIC): Removed Metal Gear Rising: Revengeance Vocal Tracks (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removeClassic Roblox Music (True MoooZIC): Removed Classic Roblox Music (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removeDELTARUNE Ch3+4 Music (True MoooZIC): Removed DELTARUNE Ch3+4 Music (True MoooZIC) mod from Steam Workshop due to malicious code.
  • removeMinecraft Alpha+Beta OST (True MoooZIC): Removed Minecraft Alpha+Beta OST (True MoooZIC) mod from Steam Workshop due to malicious code.

⚙️Technical(2)

  • changeoutdatedunstable branch: Updated the outdatedunstable branch to match the current unstable branch to eliminate known vulnerabilities.
  • changeoutdatedunstable branch: Established new policy where the outdatedunstable branch will lag exactly one content update behind the unstable branch.

Summary

Security Exploit Resolved

Developers identified and removed 14 malicious mods from the Steam Workshop that were executing code outside the game directory. This exploit specifically affected Build 42 branches. Users who downloaded these mods are advised to take security measures beyond simple uninstallation.

Build 41 & Branch Updates

A separate vulnerability in Build 41 was patched following an internal audit, though no evidence of exploitation was found. Additionally, the outdatedunstable branch has been synchronized with the unstable branch to close known vulnerabilities, with a new policy established for future branch versioning.

← OlderStable(41.78.19) + UNSTABLE(42.16.3) Hotfixes ReleasedApr 8, 2026

More from Project Zomboid

View all patches →