Critical RCE Vulnerability in Windows Notepad and RPC Identified

Critical RCE Vulnerability in Windows Notepad and RPC Identified

First seen 12 Feb 2026, 21:16 UTC Purple-OpsThezdi 75% similarity 57.5

Article Content

Browse articles
ThreatCluster

CVE-2026-20841, a critical vulnerability with a CVSS score of 9.8, affects Windows Remote Procedure Call (RPC) and allows unauthenticated remote code execution. Additionally, a related issue in Windows Notepad, with a CVSS score of 8.8, enables remote code execution via malicious Markdown files. Both vulnerabilities were published on February 10, 2026, with proof of concept released the following day.

ThreatCluster AI

Timeline

2026-02-10
CVE-2026-20841 published
2026-02-11
First public PoC released

Community

Browse all →