| Reporter | Title | Published | Views |
|---|---|---|---|
| attackerkb | CVE-2026-5525 | 10 Apr 2026 07:40 | – |
| circl | CVE-2026-5525 | 10 Apr 2026 10:06 | – |
| cnnvd | Notepad++ Security Vulnerability | 10 Apr 2026 00:00 | – |
| cve | CVE-2026-5525 | 10 Apr 2026 07:40 | – |
| cvelist | CVE-2026-5525 Stack-Based Buffer Overflow in Notepad++ File Drop Handler leads to DoS | 10 Apr 2026 07:40 | – |
| euvd | EUVD-2026-21334 | 10 Apr 2026 09:31 | – |
| nvd | CVE-2026-5525 | 10 Apr 2026 08:16 | – |
| ptsecurity | PT-2026-31894 | 10 Apr 2026 00:00 | – |
| redhatcve | CVE-2026-5525 | 5 Jun 2026 19:35 | – |
| vulnrichment | CVE-2026-5525 Stack-Based Buffer Overflow in Notepad++ File Drop Handler leads to DoS | 10 Apr 2026 07:40 | – |

```
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(306546);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/08");

  script_cve_id("CVE-2026-5525");
  script_xref(name:"IAVA", value:"2026-A-0321-S");

  script_name(english:"Notepad++ <= 8.9.3 Stack-based Buffer Overflow (CVE-2026-5525)");

  script_set_attribute(attribute:"synopsis", value:
"A text editor on the remote Windows host is affected by a stack-based buffer overflow vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Notepad++ installed on the remote host is 8.9.3 or earlier. It is, therefore,
affected by a stack-based buffer overflow vulnerability:
- A stack-based buffer overflow exists in the file drop handler component (WM_DROPFILES). When
a user drags and drops a directory path of exactly 259 characters without a trailing backslash,
the application appends a backslash and null terminator without proper bounds checking, resulting
in a stack buffer overflow and application crash. (CVE-2026-5525)
Note that Nessus has not tested for this issue but has instead relied only on the application's
self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921");
  script_set_attribute(attribute:"see_also", value:"https://github.com/notepad-plus-plus/notepad-plus-plus/pull/17930");
  # https://github.com/notepad-plus-plus/notepad-plus-plus/commit/bfe7514d68bc559534c046c4ef2d1865267aa2b0
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?edb17e85");
  script_set_attribute(attribute:"solution", value:
"Upgrade to a version of Notepad++ later than 8.9.3 when available.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-5525");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/03/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:notepad-plus-plus:notepad\+\+");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("notepad_plus_plus_win_installed.nbin");
  script_require_keys("installed_sw/Notepad++", "SMB/Registry/Enumerated");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {'scope': 'target', 'match': {'os': 'windows'}}
  ],
  'checks': [
    {
      'product': {'name': 'Notepad++', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'max_version': '8.9.3', 'fixed_display': 'See vendor advisory'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING);
vdf::handle_check_and_report_errors(vdf_result:result);
```
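
The plugin description attributes the crash to appending a backslash and null terminator to a 259-character path with no bounds check. The following added example (not Notepad++ or Tenable code) works through that arithmetic and shows a bounds-checked append; the 260-byte buffer size, the use of `char` instead of wide characters, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define PATH_BUF 260 /* assumption: stack buffer sized like Windows MAX_PATH */

/* Bytes an unchecked "append '\\' then NUL" needs for a given path. */
static size_t bytes_needed_after_append(const char *path)
{
    size_t len = strlen(path);
    if (len > 0 && path[len - 1] == '\\')
        return len + 1;              /* path + NUL, nothing appended */
    return len + 2;                  /* path + '\\' + NUL */
}

/* Hardened append: writes only when the result fits in cap bytes.
   Returns 0 on success, -1 on rejection (buffer left unchanged). */
static int append_backslash_checked(char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    if (nul == NULL)                 /* not NUL-terminated within cap */
        return -1;
    size_t len = (size_t)(nul - buf);
    if (len > 0 && buf[len - 1] == '\\')
        return 0;                    /* trailing backslash already present */
    if (len + 2 > cap)               /* the bounds check the flaw lacks */
        return -1;
    buf[len] = '\\';
    buf[len + 1] = '\0';
    return 0;
}

/* Constructed sample input: a stand-in path of n 'A' characters. */
static void make_path(char *buf, size_t n)
{
    memset(buf, 'A', n);
    buf[n] = '\0';
}

int main(void)
{
    char buf[PATH_BUF];
    make_path(buf, 259);                        /* length from the description */
    size_t need = bytes_needed_after_append(buf);             /* 261 > 260 */
    int rejected = append_backslash_checked(buf, sizeof buf);
    make_path(buf, 258);                        /* longest path that still fits */
    int accepted = append_backslash_checked(buf, sizeof buf);
    return (need == 261 && rejected == -1 && accepted == 0) ? 0 : 1;
}
```
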