Security researchers have publicly disclosed three vulnerabilities in the popular Notepad++ text editor, together with detailed technical write-ups and working exploit code. All three affect older releases of the editor, so users should check their installed version now rather than wait to be hit.
Code Execution via XML Files
Two of the newly disclosed vulnerabilities allow arbitrary code execution. CVE-2026-48800 abuses the way the application processes the shortcuts.xml file: an attacker who can modify that file injects a payload into a shortcut's command tag, and the injected entry then appears as an ordinary item in the Run menu. When the user clicks it, the editor launches the attacker's chosen executable path. Because the entry lives in the user's profile and survives restarts, the flaw is a workable persistence mechanism.
CVE-2026-48778 targets the config.xml file through the command line interpreter tag. The application does not validate that value, so it executes whatever string is stored there when the user opens a folder in a command prompt from the editor's interface. Both flaws carry the same CVSS score of 7.8 (high).
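Both file-based flaws lend themselves to a straightforward integrity check of the user's profile. The Python script below is an added example written for this page; it is not the disclosed exploit code and not part of Notepad++. It parses constructed copies of shortcuts.xml and config.xml, flags Run-menu commands whose program sits in a user-writable directory or whose arguments look like an interpreter bypass, and flags a command line interpreter setting that is not a bare, known shell or that carries extra arguments. The element names it looks for (UserDefinedCommands/Command in shortcuts.xml, GUIConfig name="commandLineInterpreter" in config.xml) follow the Notepad++ configuration format as the author understands it and are assumptions; the heuristic regexes and the sample XML are likewise constructed for illustration. A small is_patched helper compares an installed version string against v8.9.6.1.

```python
"""Scan Notepad++ user configuration for injected Run-menu commands and a
tampered command-line interpreter setting.

Added example written for this page; not the disclosed exploit code and not
part of Notepad++. Assumed file layout (the Notepad++ config format as the
author understands it): shortcuts.xml keeps user commands as
<UserDefinedCommands><Command name="...">command line</Command>, and
config.xml keeps the terminal setting as <GUIConfig name="commandLineInterpreter">.
The XML samples below are constructed for illustration.
"""
import re
import xml.etree.ElementTree as ET

# Constructed shortcuts.xml: two ordinary user commands and one injected entry
# that points a Run-menu item at an executable in a user-writable directory.
SHORTCUTS_XML = """<?xml version="1.0" encoding="UTF-8" ?>
<NotepadPlus>
  <UserDefinedCommands>
    <Command name="Launch in Firefox" Ctrl="yes" Alt="yes" Shift="yes" Key="88">firefox &quot;$(FULL_CURRENT_PATH)&quot;</Command>
    <Command name="Open in browser" Ctrl="no" Alt="yes" Shift="no" Key="112">https://www.php.net/$(CURRENT_WORD)</Command>
    <Command name="Open Source" Ctrl="no" Alt="no" Shift="no" Key="0">C:\\Users\\Public\\Libraries\\update.exe -silent</Command>
  </UserDefinedCommands>
</NotepadPlus>
"""

# Constructed config.xml: the interpreter launched by "Open Folder in Command
# Prompt" has been replaced with a hidden, encoded PowerShell launcher.
CONFIG_XML = """<?xml version="1.0" encoding="UTF-8" ?>
<NotepadPlus>
  <GUIConfigs>
    <GUIConfig name="commandLineInterpreter">powershell -NoProfile -WindowStyle Hidden -EncodedCommand SQBFAFgA</GUIConfig>
  </GUIConfigs>
</NotepadPlus>
"""

PATCHED_VERSION = "8.9.6.1"  # first release the advisory lists as fixed
KNOWN_INTERPRETERS = {"cmd", "cmd.exe", "powershell", "powershell.exe", "pwsh", "pwsh.exe"}

# Heuristics chosen for this example (assumptions): locations any local user can
# write to, and argument patterns typical of living-off-the-land launchers.
USER_WRITABLE = re.compile(r"(?i)\\(Users\\Public|Users\\[^\\]+\\(AppData|Downloads)|ProgramData|Temp)\\")
SUSPICIOUS_ARGS = re.compile(
    r"(?i)(-e(nc|ncodedcommand)?\b|-w(indowstyle)?\s+hidden|executionpolicy\s+bypass"
    r"|\biex\b|invoke-expression|mshta|certutil|rundll32|wscript|cscript)")


def split_command(command: str) -> tuple[str, str]:
    """Split a command line into (program, arguments), honouring a quoted program path."""
    s = command.strip()
    if s.startswith('"') and s.find('"', 1) > 0:
        end = s.find('"', 1)
        return s[1:end], s[end + 1:].strip()
    parts = s.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def check_shortcuts(xml_text: str) -> list[dict]:
    """Flag Run-menu commands whose program lives in a user-writable directory
    or whose arguments look like an interpreter bypass."""
    findings = []
    for cmd in ET.fromstring(xml_text).iter("Command"):
        text = (cmd.text or "").strip()
        program, _ = split_command(text)
        reasons = []
        if USER_WRITABLE.search(program):
            reasons.append("program in user-writable directory")
        if SUSPICIOUS_ARGS.search(text):
            reasons.append("suspicious interpreter arguments")
        if reasons:
            findings.append({"file": "shortcuts.xml", "name": cmd.get("name", ""),
                             "command": text, "reasons": reasons})
    return findings


def check_config(xml_text: str) -> list[dict]:
    """Flag a commandLineInterpreter value that is not a bare, known shell."""
    findings = []
    for gc in ET.fromstring(xml_text).iter("GUIConfig"):
        if gc.get("name") != "commandLineInterpreter":
            continue
        text = (gc.text or "").strip()
        program, args = split_command(text)
        base = program.rsplit("\\", 1)[-1].lower()
        reasons = []
        if base not in KNOWN_INTERPRETERS:
            reasons.append(f"unexpected interpreter {base!r}")
        if "\\" in program and not program.lower().startswith("c:\\windows\\"):
            reasons.append("interpreter path outside the Windows directory")
        if args:  # the setting should name a shell, not a full command line
            reasons.append("interpreter setting carries arguments")
        if SUSPICIOUS_ARGS.search(text):
            reasons.append("suspicious interpreter arguments")
        if reasons:
            findings.append({"file": "config.xml", "name": "commandLineInterpreter",
                             "command": text, "reasons": reasons})
    return findings


def is_patched(version: str, patched: str = PATCHED_VERSION) -> bool:
    """True when an installed version ("8.9.6", "v8.9.6.1") is at or above the fix."""
    def parse(v):
        return tuple(int(p) for p in v.strip().lstrip("vV").split("."))
    a, b = parse(version), parse(patched)
    width = max(len(a), len(b))  # pad so that 8.9.6 compares as 8.9.6.0
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


if __name__ == "__main__":
    for f in check_shortcuts(SHORTCUTS_XML) + check_config(CONFIG_XML):
        print(f"[{f['file']}] {f['name']}: {f['command']}\n    -> {', '.join(f['reasons'])}")
    print("8.9.6 patched?", is_patched("8.9.6"))
```

To run it against a real profile, read the two files from the Notepad++ settings directory (under %APPDATA%\Notepad++ for a standard install, or next to the executable for a portable one) and pass their contents to the two check functions. The heuristics are deliberately narrow: a hit is something to inspect, not proof of compromise, and a command that launches a program from a normal location with unusual arguments will slip past them.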
Local Denial of Service Vulnerability
In addition to the code execution flaws, the researchers found a local denial of service vulnerability, tracked as CVE-2026-48770, that lets a separate local process crash the editor reliably. It stems from improper handling of malformed internal messages: the application does not bounds-check incoming data strings, so a malformed message terminates the process and Windows logs an application crash event.
Public Proof of Concept Availability
Public availability of the Notepad++ exploit code raises the risk for organizations. The shared XML payloads can be dropped onto an already compromised machine to establish persistence, and a public PowerShell script shows how easily the denial of service flaw can be triggered. With the technical details in the open, prompt patching is essential.
Affected Versions and Patches
The table below summarizes the details for each tracked vulnerability:
| Vulnerability | Severity (CVSS) | Affected Versions | Patched Version |
|---|---|---|---|
| CVE-2026-48800 | 7.8 | <= v8.9.6 | v8.9.6.1 |
| CVE-2026-48778 | 7.8 | <= v8.9.6 | v8.9.6.1 |
| CVE-2026-48770 | 5.0 | <= v8.9.6 | v8.9.6.1 |
The development team has already released a security patch: upgrade to v8.9.6.1 or later. Because both code execution flaws rely on entries stored in the user's profile, it is also worth reviewing shortcuts.xml and config.xml for commands you did not add yourself.