Notepad++ Vulnerabilities Could Enable Arbitrary Code Execution on Windows Systems

Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security Consulting

Notepad++, one of the most widely used open-source text editors for Windows, has released an urgent security update addressing three vulnerabilities, including two arbitrary code execution flaws that could allow attackers to silently run malicious programs on a victim’s machine. The Notepad++ development team released version v8.9.6.1 on May 26, 2026, patching all three vulnerabilities. […] Thank you for subscribing to our RSS feed! The post Cri…

Notepad++ Fixes CVE-2026-48770 RCE Vulnerability

The developers behind Notepad++ have released version 8.9.6.1 to address multiple security vulnerabilities, including critical flaws that could expose users to remote code execution (RCE) attacks under certain conditions. The patched vulnerabilities, disclosed on May 26, 2026, include CVE-2026-48770, CVE-2026-48778, and CVE-2026-48800, all affecting Notepad++ versions up to 8.9.6.  The most serious of the patched flaws is CVE-2026-48778, a high-…

Notepad++ Patches High-Severity RCE Flaws in Version 8.9.6.1

The developers behind Notepad++ have released version 8.9.6.1 to address multiple security

Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems

Two arbitrary code execution vulnerabilities in Notepad++ let local attackers run commands of their choice on Windows machines by tampering with the editor’s XML configuration files, with both flaws rated High at CVSS 7.8. The flaws, tracked as CVE-2026-48778 and CVE-2026-48800, affect every version of the editor up to and including 8.9.6, Notepad++ said in a release note. However, the vulnerabilities were patched the same day in version 8.9.6.1…