CVE-2026-25926
Published: 2026-02-19
Priority: P3 · 40 · high · 7.3 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.25% (15.9th percentile)
Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability (CWE-426) exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process working directory. Under certain conditions, this could lead to arbitrary code execution in the context of the running application. Version 8.9.2 patches the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| notepad-plus-plus | notepad | < 8.9.2 | 8.9.2 |
| notepad-plus-plus | notepad-plus-plus | < 8.9.2 | 8.9.2 |
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-15556 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
## CVE-2025-15556: Notepad++ vulnerability analysis and mitigation
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting in arbitrary code execution with the privileges of the user.
Source: NVD
Score: 7.7
Published: February 3, 2026
Severity: HIGH
CNA Score: 7.7
High-profile Vulnerability: Yes
Affected Technologies: Notepad++
Has Public Exploit: Yes
Has CISA KEV Exploit: Yes
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 90
Exploitation P
Wiz
CVE-2026-25926 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
## CVE-2026-25926: Notepad++ vulnerability analysis and mitigation
Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability (CWE-426) exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process working directory. Under certain conditions, this could lead to arbitrary code execution in the context of the running application. Version 8.9.2 patches the issue.
Source: NVD
Score: 7.3
Published: February 19, 2026
Severity: HIGH
CNA Score: 7.3
Affected Technologies: Notepad++
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 2