An urgent message to Unity developers: we've identified a security vulnerability that affects games and applications built on Unity versions 2017.1 and later for Android, Windows, Linux, and macOS operating systems. Thankfully, there's no evidence of any exploitation or impact on users or customers. We've proactively released fixes to address the issue, making them available to all developers.

Key Facts

There is no evidence of any exploitation of the vulnerability nor has there been any impact on users or customers. Unity has worked closely with our platform partners, who have taken further steps to secure their platforms and protect end-users. Released games or applications using Unity 2017.1 or later for Windows, Android, macOS, or Linux may contain this vulnerability.

What Actions Should You Take?

If you've developed and released a game or application using Unity 2017.1 or later for Windows, Android, or macOS, it's essential to take action to ensure the continued safety of your users. If your project is still in active development:

  • Download the patched update for your version of the Unity Editor, available via Unity Hub or the Unity Download Archive, before building and publishing. This will ensure that your releases are fully protected.

For games and applications already built:

  • We strongly recommend downloading the patched update for your version of the Unity Editor, recompiling, and republishing your application.
  • For developers who prefer not to rebuild their projects, we've provided a tool to patch already-built applications dating back to 2017.1 for Android, Windows, and macOS.

Additional Platforms

For Horizon OS: Meta devices have implemented mitigations so that vulnerable Unity apps running on Horizon OS cannot be exploited. For Linux: the vulnerability presents a much lower risk compared to Android, Windows, and macOS. For all other Unity-supported platforms, including iOS, there have been no findings to suggest that the vulnerability is exploitable.

Consumer Guidance

There is no evidence of any exploitation of the vulnerability nor has there been any impact on users or customers. Advise your users to keep their devices and applications updated, enable automatic updates, and maintain current antivirus software. Encourage security best practices, including avoiding suspicious downloads and routinely updating all software.

Our Commitment

Unity is dedicated to the security and integrity of our platform, our customers, and the wider community. Transparent communication is central to this commitment, and we will continue to provide updates as necessary. For comprehensive technical details, please consult our patching tool and remediation guide, Security Advisory, and CVE-2026-59489.

If you have any questions, join us in the CVE Discussions forums and use the CVE Q&A Topic. If you need additional support, you can open up a ticket at [support.unity.com](http://support.unity.com).