Notepad++ v8.9.7 Update Addresses Critical Vulnerabilities Including Command Injection

Notepad++ v8.9.7 Update Addresses Critical Vulnerabilities Including Command Injection

First seen 15 Jul 2026, 08:28 UTC CybersecuritynewsGbhackers 74% similarity 70.5

Article Content

Browse articles
ThreatCluster

Notepad++ released version 8.9.7 on July 14, 2026, fixing five security vulnerabilities. Among these is a critical PowerShell command injection flaw that could allow arbitrary code execution during installation. The update also addresses issues related to session-file handling, environment-variable expansion, ZIP extraction, and macro validation. Three of the vulnerabilities are tracked by CVEs, while two are noted in GitHub Security Advisories without CVE designations. The vulnerabilities affect users of Notepad++ on Windows systems, which is widely used for text editing. Users are advised to update to the latest version to mitigate risks. The vulnerabilities could potentially lead to unauthorized access and system compromise if exploited.

Key Points: • Notepad++ v8.9.7 fixes five vulnerabilities, including a critical command injection flaw. • The update addresses issues related to buffer overflow and path traversal vulnerabilities. • Users are urged to update to version 8.9.7 to protect against potential exploitation.

ThreatCluster AI

Timeline

2026-07-14
Notepad++ v8.9.7 released
The latest version includes critical security fixes for multiple vulnerabilities affecting Windows users.
Gbhackers
2026-07-14
Multiple vulnerabilities disclosed
Five vulnerabilities were disclosed, including a high-risk PowerShell command injection flaw.
Cybersecuritynews

Community

Browse all →