PCWorld reports that Windows Notepad’s new Markdown support feature has introduced a serious remote code execution vulnerability with a high CVSS score of 8.8/7.7. The security flaw allows malicious ...

Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer. Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer. is ...

Microsoft patches Windows 11 Notepad RCE flaw CVE-2026-20841 Vulnerability exploited Markdown links to execute malicious code with user permissions Patch Tuesday update fixes issue; versions 11.2510 ...

Bloat Risk? Microsoft's Notepad Upgrade Also Introduced a Vulnerability The flaw exploits Notepad’s recently added support for Markdown, a formatting language used on websites and in files, to run ...

Just months after Microsoft added Markdown support to Notepad, researchers have found the feature can be abused to achieve remote code execution (RCE).… Tracked as CVE-2026-20841 (8.8), the ...

The big picture: Microsoft released its latest Patch Tuesday update this week with 59 hotfixes across Windows, Microsoft Office, Azure, and core system components. The update includes patches for six ...

Share on Facebook (opens in a new window) Share on X (opens in a new window) Share on Reddit (opens in a new window) Share on Hacker News (opens in a new window) Share on Flipboard (opens in a new ...

TL;DR: Windows 11's Notepad app has a security flaw rated as a 'high' severity vulnerability, one that allows for remote code execution. The good news is that it's already been patched by Microsoft, ...

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...

Microsoft’s effort to modernize the humble Notepad app has come with a cost: Security researchers have discovered a serious vulnerability in the program following a feature update. The flaw, which ...

TL;DR: Notepad++ was compromised for six months, but it wasn't the software itself which the exploit leveraged, but its hosting provider. An investigation into the attack has just been concluded with ...