PT-2026-7330 · Microsoft · Windows Notepad
Alasdair Gorniak +2 · Published 2026-02-10 · Updated 2026-03-13 · CVE-2026-20841
CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Windows Notepad versions prior to 11.2510
Description
A remote code execution vulnerability exists in the Windows Notepad application due to improper neutralization of special elements used in commands when handling Markdown files. This flaw allows an unauthorized attacker to execute code by tricking a user into clicking a malicious link within a Markdown file opened in Notepad. The application launches unverified protocols, leading to the download and execution of remote files with the user's permissions. The vulnerability stems from the addition of Markdown support and AI features to Notepad, expanding the attack surface. There is no confirmed evidence of exploitation in the wild.
Recommendations
Update Windows Notepad to version 11.2510 or later.
Exploit
Fix
RCE
Command Injection
Affected Products
Windows Notepad