Purple-Ops
Critical RCE Vulnerability in Windows Notepad and RPC Identified
First seen 12 Feb 2026, 21:16 UTC
•
•75% similarity
•57.5
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
CVE-2026-20841, a critical vulnerability with a CVSS score of 9.8, affects Windows Remote Procedure Call (RPC) and allows unauthenticated remote code execution. Additionally, a related issue in Windows Notepad, with a CVSS score of 8.8, enables remote code execution via malicious Markdown files. Both vulnerabilities were published on February 10, 2026, with proof of concept released the following day.
ThreatCluster AI
Timeline
2026-02-10
CVE-2026-20841 published
2026-02-11
First public PoC released