Riot Games fixes a critical vulnerability in its anti-cheat Vanguard

Published on January 06, 2026 | Translated from Spanish
Riot Games logo alongside a visual representation of the Vanguard anticheat software and a digital security shield, illustrating system protection.

Riot Games Fixes Critical Vulnerability in Its Anticheat Vanguard

The developer behind League of Legends and Valorant has addressed a serious issue in its security system. External researchers reported a flaw in Vanguard, the anticheat software, that compromised system integrity at a very deep level. The company acted quickly to resolve it. 🛡️

The Nature of the Security Flaw

The discovered vulnerability was not remotely exploitable. Its activation required an attacker to have physical access to the victim's computer and administrator credentials. By running a specific program, a malicious driver could be installed with the same privileges as the operating system kernel. This driver acted as a rootkit, hiding its presence and granting total control over the machine. Riot Games confirmed that the issue has been fixed and there is no evidence it was used against real players.

Key Conditions to Exploit the Flaw:
  • Direct physical access to the target device.
  • Administrator credentials to log into the system.
  • Run a malicious program designed to exploit Vanguard's incorrect certificate signature.
The main risk existed in environments with shared computers, such as cybercafés or labs.

The Challenges of Kernel-Level Software

Vanguard operates at the kernel level, the most fundamental layer of the operating system. This allows it to monitor and prevent cheats very effectively, but it also carries enormous responsibility. Any error in software with these privileges can severely compromise the entire machine. This incident highlights the complex balance between effectiveness against cheats and the obligation to ensure user security.

Implications of Operating at the Kernel Level:
  • Maximum capability to detect and block cheats.
  • Exposure to high risks if the code has flaws.
  • Need for a bug bounty program, which Riot maintains active.

A Constantly Evolving Battlefield

The researchers demonstrated that this method could be used to completely disable the anticheat or even install a cheat. This event underscores the ongoing dynamic between those developing protections and those seeking to bypass them. Although in this case the good guys won the round, the battle remains intense, with players' system kernels as the main battleground. Riot's quick response shows the importance of these vulnerability reporting programs. ⚔️