Critical Notepad++ Vulnerabilities Allow Remote Code Execution

Critical Notepad++ Vulnerabilities Allow Remote Code Execution

First seen 28 May 2026, 10:12 UTC CybersecuritynewsHeise.DeGbhackersThecyberexpressCsoonline+6 88% similarity 72.0

Article Content

Browse articles
ThreatCluster

Notepad++ has released version 8.9.6.1 to patch three vulnerabilities, including two critical flaws (CVE-2026-48778 and CVE-2026-48800) that enable arbitrary code execution on Windows systems. These vulnerabilities arise from improper handling of XML configuration files, allowing local attackers to execute commands by tampering with user settings. The flaws affect all versions up to 8.9.6 and were disclosed on May 26, 2026. CVE-2026-48778 allows manipulation of the command-line interpreter path, while CVE-2026-48800 targets user-defined commands in the shortcuts.xml file. Both require user interaction or prior access to the AppData directory. A third lower-severity vulnerability, CVE-2026-48770, was also patched. Users are urged to update immediately to mitigate risks.

Key Points: • Two critical vulnerabilities in Notepad++ allow arbitrary code execution. • Affected versions include all prior to 8.9.6; users must update to 8.9.6.1. • Attackers can exploit these flaws through tampered XML configuration files.

ThreatCluster AI

Timeline

2026-05-26
Vulnerabilities disclosed
Notepad++ announced three vulnerabilities, including critical RCE flaws CVE-2026-48778 and CVE-2026-48800.
Thecyberexpress
2026-05-26
Patch released
Notepad++ version 8.9.6.1 was released to address the vulnerabilities and improve security.
Csoonline
2026-05-27
Security advisory published
GitHub Security Advisory detailed the vulnerabilities and their potential impact on users.
Csoonline

Community

Browse all →