📄 Notepad++ 8.9.6 Arbitrary Code Execution

Notepad++ versions 8.9.6 and below proof of concept arbitrary code execution exploit. Exploit Title: Notepad++ 8.9.6 - Arbitrary Code Execution Date: 2026-05-30 Exploit Author: Kavin Jindal Avyukt Security https://www.linkedin.com/in/kavin-jindal/ Vendor Homepage: https://notepad-plus-plus.org...

CVE-2026-48778

creationtimestamp| type| source ---|---|--- 2026-05-28 12:51:30+00:00| seen| https://www.acn.gov.it/portale/w/notepad-poc-pubblici-per-le-cve-2026-48800-cve-2026-48778-e-cve-2026-48770 2026-05-29 22:04:26+00:00| seen| https://bsky.app/profile/crustytldr.bsky.social/post/3mmzk5ms7vf2l 2026-05-30...

PT-2026-44401

Name of the Vulnerable Software and Affected Versions Notepad++ affected versions not specified Description Multiple issues exist in the software. The config.xml configuration file fails to neutralize special elements when processing the commandLineInterpreter parameter. Additionally, the...

PT-2026-44400

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.6.1 Description An issue exists in the processing of the commandLineInterpreter parameter within the config.xml configuration file. The software fails to neutralize special elements, which allows an attacker to...