PT-2026-44374 · Notepad++ · Notepad++

Daniel Cifuentes

+2

·

Published

2026-05-26

·

Updated

2026-06-29

·

CVE-2026-48770

CVSS v3.1

5.0

Medium

VectorAV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.6.1
Description Multiple issues exist in the software, including a buffer over-read in the inter-process communication mechanism that can lead to a denial of service. Additionally, remote code execution is possible through configuration file injection because the application passes commandLineInterpreter from 'config.xml' and UserDefinedCommands from 'shortcuts.xml' directly to the ShellExecute() function without validation.
Recommendations Update to version 8.9.6.1.

Exploit

Fix

DoS

RCE

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07492
CVE-2026-48770
GHSA-R39G-3MCW-XCG2

Affected Products

Notepad++