Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Notepad's new Markdown powers served with a side of RCE

The vulnerability allows remote code execution via malicious Markdown links in Notepad, fixed in February 2026 updates; no exploitation in the wild has been reported by Microsoft.

  • On Tuesday, Microsoft issued the patch that fixed a high-severity Notepad remote code execution flaw tracked as CVE-2026-20841, disclosed in Patch Tuesday updates.
  • Notepad's recently added Markdown support and AI-powered writing features modernized Windows 11 Notepad, but critics raised concerns about expanding the app's attack surface.
  • Clickable links in Markdown files can trigger unverified protocols such as file: or ms-appinstaller:, executing programs without warnings in the security context of end users who click links.
  • Microsoft says there is no evidence attackers exploited the Notepad vulnerability in the wild, and tests show Windows 11 Notepad now warns when clicking non-http links.
  • Separately, the ecosystem shows related risks as Notepad++ disclosed that it warned of a malicious update linked to Chinese state-sponsored attackers.
Insights by Ground AI

19 Articles

Tech RadarTech Radar
Center

Microsoft patches concerning Windows 11 Notepad security flaw - Markdown issues could have let hackers slip in malware without warning

Microsoft Patch Tuesday addresses high-severity flaw in Windows 11 Notepad that enabled remote code execution attacks.

·United Kingdom
Read Full Article
BleepingComputerBleepingComputer
Center

Windows 11 Notepad flaw let files execute silently via Markdown links

Microsoft has fixed a

Read Full Article
The VergeThe Verge
Lean Left

Microsoft fixes Notepad flaw that could trick users into clicking malicious Markdown links

Microsoft has fixed a serious security vulnerability affecting Markdown files in Notepad. In the company's Tuesday patch notes, Microsoft says a bad actor could carry out a remote code execution attack by tricking users "into clicking a malicious link inside a Markdown file opened in Notepad," as reported earlier by The Register. Clicking the link would "launch unverified protocols," allowing attackers to remotely load and execute malicious file…

·United States
Read Full Article
PC MagPC Mag
Lean Left

Bloat Risk? Microsoft's Notepad Upgrade Also Introduced a Vulnerability

The flaw exploits Notepad’s recently added support for Markdown, a formatting language used on websites and in files, to run malicious code on a Windows PC.

·United States
Read Full Article
Tech SpotTech Spot
Center

Unwanted AI upgrade to Windows Notepad created a serious security flaw

According to Microsoft's release notes, the update fixes 25 elevation of privilege flaws, 12 remote code execution vulnerabilities, three denial of service vulnerabilities, five security feature bypass exploits, six information disclosure bugs, and seven spoofing vulnerabilities. Six of the vulnerabilities were rated "Critical," while the rest were marked as "Severe."Read Entire Article

Read Full Article
The RegisterThe Register
Center

Notepad's new Markdown powers served with a side of RCE

: Smug faces across all those who opposed the WordPad-ification of Microsoft's humble text editor

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 67% of the sources are Center
67% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

pcgamer broke the news in on Wednesday, February 11, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

Apps icon

Apps

Cyberattacks icon

Cyberattacks

Windows icon

Windows

Windows 11 icon

Windows 11

Technology icon

Technology

Redmond, Washington icon

Redmond, Washington

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal