CVE-2026-38972
Notepad3 (up to version 6.25.822.1) is vulnerable to a DLL search-order hijacking in the About-dialog path (src/Notepad3.c). The code calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, allowing a local attacker to drop a malicious MSFTEDIT.DLL in the application directory or another DLL sea...