CVE-2026-2538

CVSS v3.1

7.0

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Flos Freeware Notepad2 versions 4.2.22 through 4.2.25

Description A security flaw exists in Flos Freeware Notepad2. The issue involves an uncontrolled search path within an unknown function in the

Msimg32.dll

library. Local access is required for exploitation, and the exploitability is considered difficult.

Recommendations Update Flos Freeware Notepad2 to a version newer than 4.2.25.

Fix

Uncontrolled Search Path Element

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2026-2538

Msimg32.Dll

Notepad2