{"id":259172,"date":"2026-05-29T18:51:00","date_gmt":"2026-05-29T22:51:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/29\/critical-notepad-vulnerabilities-allow-attackers-to-execute-arbitrary-code\/"},"modified":"2026-05-29T19:10:10","modified_gmt":"2026-05-29T23:10:10","slug":"critical-notepad-vulnerabilities-allow-attackers-to-execute-arbitrary-code","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/29\/critical-notepad-vulnerabilities-allow-attackers-to-execute-arbitrary-code\/","title":{"rendered":"Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code"},"content":{"rendered":"<p><a href=\"https:\/\/cybersecuritynews.com\/critical-notepad-vulnerabilities\/\">Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code<\/a><\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/critical-notepad-vulnerabilities\/\">https:\/\/cybersecuritynews.com\/critical-notepad-vulnerabilities\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-29 18:51:00<\/a><\/p>\n<p>Source Domain: <a href=\"cybersecuritynews.com\">cybersecuritynews.com<\/a><\/p>\n<p class=\"wp-block-paragraph\">Notepad++, one of the most widely used open-source text editors for Windows, has released an urgent security update addressing three vulnerabilities, including two arbitrary code execution flaws that could allow attackers to silently run malicious programs on a victim\u2019s machine.<\/p>\n<p class=\"wp-block-paragraph\">The Notepad++ development team released version v8.9.6.1 on May 26, 2026, patching all three vulnerabilities. Users running v8.9.6 or earlier are urged to update immediately.<\/p>\n<h2 id=\"h-notepad-vulnerabilities\" class=\"wp-block-heading\"><strong>Notepad++ Vulnerabilities<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">The update resolves the following vulnerabilities:<\/p>\n<table class=\"has-fixed-layout\">\n<tr>\n<th>CVE ID<\/th>\n<th>Severity<\/th>\n<th>Description<\/th>\n<\/tr>\n<tr>\n<td>CVE-2026-48770<\/td>\n<td>High<\/td>\n<td>Crash via malformed XML structure<\/td>\n<\/tr>\n<tr>\n<td>CVE-2026-48778<\/td>\n<td>Critical<\/td>\n<td>Arbitrary code execution via config.xml<\/td>\n<\/tr>\n<tr>\n<td>CVE-2026-48800<\/td>\n<td>Critical<\/td>\n<td>Arbitrary code execution via shortcuts.xml<\/td>\n<\/tr>\n<\/table>\n<p class=\"wp-block-paragraph\">The most severe of the three is CVE-2026-48778, which targets the  tag inside Notepad++\u2019s config.xml file.<\/p>\n<p class=\"wp-block-paragraph\">The editor reads this value through NppXml::value() in Parameters.cpp and stores it without any validation, whitelist, or digital signature check.<\/p>\n<p class=\"wp-block-paragraph\">When a user triggers File \u2192 Open Containing Folder \u2192 cmd, the application creates a command object using the attacker-controlled string and passes it directly to ShellExecute() effectively executing whatever executable the attacker has planted.<\/p>\n<p class=\"wp-block-paragraph\">A simple proof-of-concept payload placing calc.exe in the XML tag causes Windows Calculator to launch instead of the intended command prompt, confirming full code execution capability.<\/p>\n<p class=\"wp-block-paragraph\">Researchers identified several realistic paths an attacker could exploit CVE-2026-48778:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Direct config file write<\/strong> \u2014 any process running under the same user account can modify %APPDATA%Notepad++config.xml<\/li>\n<li><strong>Malicious shortcut (.lnk)<\/strong> \u2014 using the -settingsDir= flag to redirect Notepad++ to an attacker-controlled settings directory.<\/li>\n<li><strong>Cloud sync poisoning<\/strong> \u2014 Notepad++ supports a user-configurable cloud path, which an attacker could poison through compromised cloud storage.<\/li>\n<li><strong>Social engineering via archive extraction<\/strong> \u2014&#8230;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/cybersecuritynews.com\/critical-notepad-vulnerabilities\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code https:\/\/cybersecuritynews.com\/critical-notepad-vulnerabilities\/ Publish Date: 2026-05-29 18:51:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":259174,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"http:\/\/cybersecuritynews.com\/wp-content\/uploads\/2026\/05\/Critical-Notepad-Vulnerabilities.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[90,57],"class_list":["post-259172","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cve","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/259172"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=259172"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/259172\/revisions"}],"predecessor-version":[{"id":259176,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/259172\/revisions\/259176"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/259174"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=259172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=259172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=259172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}