—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Notepad++

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Notepad++ versions prior to 8.9.6.1

Overview

Multiple vulnerabilities have been reported in Notepad++, which could be exploited by an attacker to execute arbitrary code or cause the application to crash.

Target Audience:

All organizations and individuals using Notepad++.

Risk Assessment:

Potential for arbitrary code execution and denial of service .

Impact Assessment:

Arbitrary code execution and application crash.

Description

Notepad++ is a free, open-source text and source code editor for Windows, widely used by developers and IT professionals.

These vulnerabilities exist due to improper handling of config.xml file and inadequate validation of certain input data inside shortcuts.xml file. An attacker could exploit these vulnerabilities by supplying specially crafted input or manipulating the affected configuration file.

Successful exploitation could allow an attacker to execute arbitrary code execution or cause the application to crash.

Solution

Apply the necessary security updates as recommended by the vendor.

https://notepad-plus-plus.org/news/v8961-released/

Vendor Information

 

https://notepad-plus-plus.org/news/v8961-released/

References

 

https://notepad-plus-plus.org/news/v8961-released/

CVE Name

CVE-2026-48770

CVE-2026-48778

CVE-2026-48800

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmooIboACgkQ3jCgcSdc

ys8HsQ//S8BkJB1gKxI11cjhKDnsMDjGCrmKSv9NHxjBI+eZQwrw/jTplNU6nI9G

bDCjGowbS7JcBfjrP/c+jDEBo0PyKOOJTHGAF6UHXxuwTJLROiGqD8o4rfMo0MI2

/fhc+esm+9b5nazQ6eCGIa+5AO3QNBgtFObh9zAGslwX1fI+TLIhw/SDHoHJIK84

PzmtGPKEmh8rpgYjzWC9kdF4I2SVjS3nQMdXtpwdrM8qBck2B5VCIFV3nGeNErDk

5O5ZjyTxWyK57r8ZNiQriZFq/BDoArtG0T8lJrtvmXFS5bKuVAEeADHQqEJhNItk

1lGuNEQGp4zx3e1H1f0KpjqZ6WnG+DBkChEhF2Hyq2Xw+D08GZuWNNdeIsxQYb4q

iLgoxm1rES/5/Jp7D6G5XlDYfx+arSzstysBCDhbw9vkoLkOOBdUqVLq/VHSjIxw

DBVb/uy3w6kc4strp2bz17ArQjEao7coweG8J5mDlXzbLez6R66DI4JNOAzB5QO5

9P/NCeiDPiIjkb099zdkqSDRFsstcvT0xP22QeDxjMb20ve+Sf1vd4aCZ+JGGsuy

6mtpbkbrzg3H0Q4V88DSp/dl1ChCxuzjJDzBPfIq1/8uwFs0H8FnyCjWbZI7LRwl

j/CsSCaNhV/A0HWFs+xnWlfPSl8OpDpbTl8bkuIQPJ+C17+bkPg=

=e+Dl

—–END PGP SIGNATURE—–