This issue was initially reported and addressed in June, but a new method has emerged that replicates the same exploit. Unfortunately, this resurgence comes at an inconvenient time, as engineers are currently on a two-week break during a code-freeze period. However, considering the severity of the issue and how seriously it was handled back in June, it’s crucial that exceptions are made to address this promptly. The engineers I would contact about this have not been on the DevForum due to the break, making this bug report a final attempt to reach any engineer or DevRel member with the authority to take immediate action.
An exploit has been discovered in Roblox’s UGC system that allows malicious creators to upload and distribute ‘skybox’ accessories, which cover entire playable maps in experiences. Unlike previous exploits involving layered clothing, this issue uses regular accessory types like ‘Hat,’ ‘Back,’ and other standard accessory categories. The exploit enables these accessories to render across the entire map upon spawning. In some cases, the items generate hundreds of smaller boxes scattered across the game, obstructing gameplay and creating significant disruption, while in other cases, they produce an all-encompassing skybox effect that visually overwhelms the game environment. Both scenarios render affected experiences unplayable.
This issue initially surfaced in June earlier this year, prompting Roblox to temporarily pause moderation for 3D accessories, clothing, bodies, and heads while investigating the exploit. Although it was resolved within a few hours back then, malicious users have since found a way to bypass the original patch. Tens of these disruptive items are now being uploaded every hour, overwhelming the moderation system and causing widespread harm across the platform.
The impact of this exploit is severe, as it disrupts gameplay, obstructs user interfaces, and creates frustrating experiences for players.
Reproduction Steps:
- Equip one of the malicious skybox UGC items.
- Join into a Roblox experience, such as this one I made: Catalog Item Tester - Roblox
- Observe the item rendering across the entire map, and sometimes creating thousands of objects within it, completely breaking games.
This exploit requires urgent investigation and resolution to prevent continued harm to the platform’s ecosystem.
Affected Items:
I will only list a few of the many malicious items recently uploaded using this exploit. To prevent further abuse, I’ve chosen examples that are currently off-sale. I urge any engineer who reviews this report and takes action on these items (even without getting directly involved in the resolution of this bug) to also check the attached private staff PM, where I’ve attached a link to my website where the bulk of the offending items are listed. If access to this PM is restricted due to group permissions, please don’t hesitate to message me directly, and I’ll promptly share the details.
CC’ing a few engineers here in hopes that one of them comes across this report: @TheGamer101 @KnightGaladeld @CalGamesDev 
A private message is associated with this bug report
UPDATE: This has been confirmed as re-patched through PMs. Big thanks to the engineers who worked tirelessly to resolve this issue in record time, and the forum moderation staff who cleaned up the heap of troll replies in this post