CVE-2026-5525

Name of the Vulnerable Software and Affected Versions Notepad++ version 8.9.3

Description A stack-based buffer overflow exists in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash.

Recommendations Update to a newer version that contains a fix for this vulnerability.