CVE-2026-48800

Name of the Vulnerable Software and Affected Versions Notepad++ (affected versions not specified)

Description Multiple issues exist in the software. The config.xml configuration file fails to neutralize special elements when processing the commandLineInterpreter parameter. Additionally, the shortcuts.xml configuration file does not properly neutralize special elements. Both of these issues could allow an attacker to execute arbitrary code. Furthermore, a memory out-of-bounds read in the inter-process communication mechanism could lead to a denial of service (DoS), which is a condition where the application becomes unavailable to users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.