Two arbitrary code execution vulnerabilities in Notepad++ let local attackers run commands of their choice on Windows machines by tampering with the editor’s XML configuration files, with both flaws rated High at CVSS 7.8.
The flaws, tracked as CVE-2026-48778 and CVE-2026-48800, affect every version of the editor up to and including 8.9.6, Notepad++ said in a release note. The vulnerabilities were patched the same day in version 8.9.6.1, alongside a third, lower-severity crash bug, CVE-2026-48770, Notepad++ author Don Ho wrote in the release note.
The two code execution flaws share a single design weakness. Notepad++ stores user choices, such as the path to the command-line interpreter and the list of user-defined commands, inside XML files in the user’s profile directory. The editor reads those values and passes them to the operating system as commands without checking what they contain, according to a GitHub Security Advisory on Notepad++ published on May 27.
Anyone who can write to the XML files can decide what the editor executes, the advisory said.
A backdoor that hides in the Run menu
The more concerning of the two flaws, CVE-2026-48800, targets the file that holds user-defined Run menu entries.
Notepad++ reads its user-defined commands from a file called shortcuts.xml and accepts whatever it finds there without validation, the advisory said. An attacker who can write to that file can add an entry that launches an arbitrary executable when the user clicks it in the Run menu.
“The injected commands appear with legitimate-looking names in the Run menu, making them appear as normal user-created shortcuts,” the advisory said. “This creates a viable persistence mechanism, as the injected commands survive reboots.”
The proof of concept Ho published shows an injected entry named “System Update Check” that launches Windows Calculator. Italian researcher Michele Piccinni reported the flaw.
A second path through the command-line interpreter
The second code execution bug, CVE-2026-48778, targets a different file. Notepad++ stores the path to its command-line interpreter in a file called config.xml and accepts whatever value it finds there as the program to launch when the user opens a folder in cmd, a separate advisory said. The interpreter path is stored “without any validation, whitelist, or digital signature check,” the advisory said. An attacker who edits config.xml can substitute any executable for the real Windows command prompt. Piccinni reported this one as well.
Neither flaw lets an attacker reach the XML files on their own, the advisories said. Both assume the attacker already has the ability to write to the user’s AppData directory or can trick the user into running Notepad++ against a poisoned settings folder, whether through local malware, a malicious Windows shortcut, cloud-synced settings, or a social-engineered archive extraction.
The third patched flaw, CVE-2026-48770, follows the same theme of unchecked input but stops short of code execution. A local process in the same Windows session can send the editor a malformed inter-process message that reliably crashes it, the advisory added. The bug carries a CVSS score of 5.0.
A question mark over MSI patch delivery
Notepad++ users can download the patched 8.9.6.1 binaries from the project’s download page, which offers both the EXE installer and an MSI installer for enterprise IT deployment that Ho added in November 2025.
The MSI followed sustained enterprise demand that intensified after a Chinese state-sponsored group hijacked the editor’s update infrastructure for six months in 2025 and after Ho hardened the update mechanism in February with cryptographic integrity checks.
The advisories recommended that users monitor the AppData folder on machines running Notepad++ for unexpected changes to shortcuts.xml and config.xml. The persistence of both flaws leaves no trace at the installation directory and no change to the Notepad++ binary itself, the advisories said, which means endpoint tools that look only at executables will miss it. Ho published no indicators of compromise.
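The mechanism described above (Run-menu commands read verbatim from shortcuts.xml, the interpreter path read verbatim from config.xml) and the monitoring the advisories recommend can be illustrated with a small baseline-comparison audit. The script below is an added example, not code from Notepad++, Ho, or the advisories. It assumes the element layout of the two files (a <UserDefinedCommands> list of <Command name="..."> elements in shortcuts.xml and a <GUIConfig name="commandLineInterpreter"> element in config.xml), which the article does not document; the sample XML, the baseline, and the "user-writable directory" heuristic are constructed for the example.

```python
"""Audit Notepad++ user settings for tampered Run-menu entries and interpreter path.

Added example (not from Notepad++ or the advisories). The XML element names are
assumed from the real file format; the samples and baseline are constructed.
"""
import re
import xml.etree.ElementTree as ET

# Constructed baseline: what the user is known to have created themselves.
BASELINE_COMMANDS = {"Launch in Firefox": 'firefox "$(FULL_CURRENT_PATH)"'}
BASELINE_INTERPRETER = "cmd"  # assumed default value for commandLineInterpreter

# Constructed shortcuts.xml: one legitimate entry plus an injected one mimicking
# the "System Update Check" entry from the advisory's proof of concept.
SAMPLE_SHORTCUTS_XML = """<NotepadPlus>
    <UserDefinedCommands>
        <Command name="Launch in Firefox" Ctrl="yes" Alt="yes" Shift="yes" Key="88">firefox "$(FULL_CURRENT_PATH)"</Command>
        <Command name="System Update Check" Ctrl="no" Alt="no" Shift="no" Key="0">C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe</Command>
    </UserDefinedCommands>
</NotepadPlus>
"""

# Constructed config.xml: interpreter path redirected to a user-writable location.
SAMPLE_CONFIG_XML = """<NotepadPlus>
    <GUIConfigs>
        <GUIConfig name="commandLineInterpreter">C:\\Users\\alice\\AppData\\Roaming\\cmd.exe</GUIConfig>
    </GUIConfigs>
</NotepadPlus>
"""

# Constructed clean counterparts, for comparison.
CLEAN_SHORTCUTS_XML = """<NotepadPlus>
    <UserDefinedCommands>
        <Command name="Launch in Firefox" Ctrl="yes" Alt="yes" Shift="yes" Key="88">firefox "$(FULL_CURRENT_PATH)"</Command>
    </UserDefinedCommands>
</NotepadPlus>
"""
CLEAN_CONFIG_XML = """<NotepadPlus>
    <GUIConfigs>
        <GUIConfig name="commandLineInterpreter">cmd</GUIConfig>
    </GUIConfigs>
</NotepadPlus>
"""

# Heuristic: directories a standard user can write to. A Run command or an
# interpreter that resolves there deserves a closer look.
_USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.IGNORECASE)


def parse_run_commands(xml_text: str) -> dict:
    """Return {Run-menu name: command line} from a shortcuts.xml document."""
    root = ET.fromstring(xml_text)
    return {
        cmd.get("name", ""): (cmd.text or "").strip()
        for cmd in root.findall("./UserDefinedCommands/Command")
    }


def parse_interpreter(xml_text: str):
    """Return the commandLineInterpreter value from config.xml, or None if absent."""
    root = ET.fromstring(xml_text)
    for gc in root.iter("GUIConfig"):
        if gc.get("name") == "commandLineInterpreter":
            return (gc.text or "").strip()
    return None


def in_user_writable_dir(command_line: str) -> bool:
    return bool(_USER_WRITABLE.search(command_line))


def audit(shortcuts_xml: str, config_xml: str, baseline_commands: dict,
          baseline_interpreter: str = BASELINE_INTERPRETER) -> list:
    """Compare the live files against the baseline and return a list of findings."""
    findings = []
    commands = parse_run_commands(shortcuts_xml)
    for name, cmd in commands.items():
        if name not in baseline_commands:
            findings.append({"kind": "new_command", "name": name, "value": cmd})
        elif baseline_commands[name] != cmd:
            findings.append({"kind": "changed_command", "name": name, "value": cmd})
        if in_user_writable_dir(cmd):
            findings.append({"kind": "command_in_user_writable_dir", "name": name, "value": cmd})
    for name, cmd in baseline_commands.items():
        if name not in commands:
            findings.append({"kind": "removed_command", "name": name, "value": cmd})
    interp = parse_interpreter(config_xml)
    if interp is not None and interp != baseline_interpreter:
        findings.append({"kind": "interpreter_changed", "name": "commandLineInterpreter", "value": interp})
        if in_user_writable_dir(interp):
            findings.append({"kind": "interpreter_in_user_writable_dir",
                             "name": "commandLineInterpreter", "value": interp})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SHORTCUTS_XML, SAMPLE_CONFIG_XML, BASELINE_COMMANDS):
        print(f"{f['kind']:35} {f['name']!r}: {f['value']}")
```

Run against the constructed samples, the audit reports the injected "System Update Check" entry twice (as a command not in the baseline and as one pointing into a user-writable directory) and the redirected interpreter twice for the same two reasons; against the clean samples it reports nothing. On a real machine the baseline would be captured once from a known-good profile and the two files in the user's AppData directory would be read from disk in place of the sample strings.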