PT-2026-2956 · Unknown · Sumatrapdf

Mariorl0 · Published 2026-01-14 · Updated 2026-01-15 · CVE-2026-23512

CVSS v3.1: 8.6 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SumatraPDF versions 3.5.2 and earlier

Description

SumatraPDF is a multi-format reader for Windows. A flaw exists due to an Untrusted Search Path when the Advanced Options setting is triggered. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. This allows execution of a malicious notepad.exe placed in the application's installation directory, potentially leading to arbitrary code execution.

Recommendations

Versions prior to 3.5.3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
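
Because the description says a notepad.exe in the application's installation directory is what gets executed, a host can be checked for such a file. The script below is an added example, not part of the advisory or of SumatraPDF; the default directories are assumptions about where SumatraPDF is installed and can be overridden with `-InstallDir`.

```powershell
# Added example, not part of the advisory.
param(
    # Assumed install locations; override with -InstallDir for your deployment.
    [string[]]$InstallDir = @(
        (Join-Path $env:LOCALAPPDATA 'SumatraPDF'),
        (Join-Path $env:ProgramFiles 'SumatraPDF')
    )
)

# Reference copy: the notepad.exe that ships with Windows.
$systemNotepad = Join-Path $env:SystemRoot 'System32\notepad.exe'
$systemHash = (Get-FileHash -LiteralPath $systemNotepad -Algorithm SHA256).Hash

$findings = foreach ($dir in $InstallDir) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

    # A notepad.exe beside SumatraPDF is what the relative launch would resolve to.
    $candidate = Join-Path $dir 'notepad.exe'
    if (-not (Test-Path -LiteralPath $candidate -PathType Leaf)) { continue }

    $item = Get-Item -LiteralPath $candidate -Force   # -Force also returns hidden files
    $sig  = Get-AuthenticodeSignature -LiteralPath $candidate
    $hash = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path                 = $item.FullName
        LastWriteTimeUtc     = $item.LastWriteTimeUtc
        SHA256               = $hash
        MatchesSystemNotepad = ($hash -eq $systemHash)
        SignatureStatus      = $sig.Status
        Signer               = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

if ($findings) {
    $findings | Format-List
    Write-Warning 'notepad.exe found beside SumatraPDF; review each file listed above.'
} else {
    Write-Output 'No notepad.exe found in the checked SumatraPDF directories.'
}
```

A hit whose hash differs from the System32 copy, or whose signature status is not `Valid`, is the case to investigate first.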

Exploit

Untrusted Search Path

Weakness Enumeration

Related identifiers

BDU:2026-00586
CVE-2026-23512
GHSA-RQG5-GJ63-X4MV

Affected products

Sumatrapdf