cvebase

Notepad-Plus-Plus Notepad vulnerabilities

20 known vulnerabilities affecting notepad-plus-plus/notepad.

Total CVEs: 20
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown: HIGH 12, MEDIUM 8

Vulnerabilities

CVE-2025-15556 | P1 | HIGH | CVSS 7.5 | KEV | fixed in 8.8.9 | 2026-02-03
CWE-494: Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting i
Source: nvd

CVE-2026-48778 | P3 | HIGH | CVSS 7.8 | PoC | fixed in 8.9.6.1 | 2026-06-26
CWE-78: Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig> tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) and stored in _nppGUI._commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDM_FILE_OPEN_CMD (File → Open Containing Folder → cmd), NppCommands.cpp:228
Source: nvd

CVE-2019-16294 | P3 | HIGH | CVSS 7.8 | PoC | fixed in 7.7 | 2019-09-14
CWE-787: SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
Source: nvd

CVE-2026-48800 | P3 | HIGH | CVSS 7.8 | fixed in 8.9.6.1 | 2026-06-26
CWE-78: Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content in shortcuts.xml is read by NppXml::value(aNode) (Parameters.cpp:3658) in the feedUserCmds() function and stored in UserCommand._cmd without any validation. When the user clicks the corresponding entry in the Run menu, NppCommands.cpp:4264 creates a Co
Source: nvd

CVE-2023-6401 | P3 | HIGH | CVSS 7.8 | ≤ 8.1 | 2023-11-30
CWE-427: A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early abou
Source: nvd

CVE-2026-52884 | P3 | HIGH | CVSS 7.8 | v8.9.6.1 | 2026-06-26
Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the path before checking. It uses a prefix-based check (PathIsPrefix() or equivalent) that matches paths starting with trusted directory strings. A path traversal using ..\..\ after a trusted directory prefix passes the check while resolving to an
Source: nvd

CVE-2023-40031 | P3 | HIGH | CVSS 7.8 | ≤ 8.5.6 | 2023-08-25
CWE-120: Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++.
Source: nvd

CVE-2026-46710 | P3 | HIGH | CVSS 7.8 | ≥ 8.9.4, < 8.9.6 | 2026-06-26
CWE-426: Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the installation contextMenu directory. If an attacker can pre-pl
Source: nvd

CVE-2026-25926 | P3 | HIGH | CVSS 7.3 | fixed in 8.9.2 | 2026-02-19
CWE-426: Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability (CWE-426) exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process working directory. Under certain conditions, this could
Source: nvd

CVE-2026-5525 | P3 | HIGH | CVSS 7.8 | v8.9.3 | 2026-04-10
CWE-121: A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application
Source: nvd

CVE-2022-32168 | P3 | HIGH | CVSS 7.8 | ≥ 8.3, < 8.4.5 | 2022-09-28
CWE-427: Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
Source: nvd

CVE-2023-47452 | P3 | HIGH | CVSS 7.8 | v6.5 | 2023-11-30
CWE-427: An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory.
Source: nvd

CVE-2026-52885 | P3 | MEDIUM | CVSS 6.3 | fixed in 8.9.6.4 | 2026-06-26
CWE-367: Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires (Time-of-Check). However, the command payload is taken from the in-memory _userCommands vector, which is populated at application startup and never re-synchronized with the on-disk
Source: nvd

CVE-2022-31901 | P4 | MEDIUM | CVSS 6.5 | ≤ 8.4.3 | 2023-01-19
CWE-787: Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files.
Source: nvd

CVE-2023-40164 | P4 | MEDIUM | CVSS 5.5 | ≤ 8.5.6 | 2023-08-25
CWE-120: Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in e
Source: nvd

CVE-2023-40166 | P4 | MEDIUM | CVSS 5.5 | ≤ 8.5.6 | 2023-08-25
CWE-120: Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are avai
Source: nvd

CVE-2023-40036 | P4 | MEDIUM | CVSS 5.5 | ≤ 8.5.6 | 2023-08-25
CWE-120: Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are availab
Source: nvd

CVE-2022-31902 | P4 | MEDIUM | CVSS 5.5 | ≤ 8.4.3 | 2023-02-01
CWE-787: Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add().
Source: nvd

CVE-2026-48770 | P4 | MEDIUM | CVSS 5.0 | fixed in 8.9.6.1 | 2026-06-26
CWE-125: Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WM_COPYDATA message to Notepad++ using the COPYDATA_FULL_CMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded NUL-terminated wchar_t* instead of enforcing COPYDATASTRUCT.
Source: nvd

CVE-2026-6539 | P4 | MEDIUM | CVSS 4.4 | v8.9.3 | 2026-04-30
CWE-134: Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through community channels that triggers format string interpretation
Source: nvd