CVE-2026-42214

Notepad Next (NotepadNext) before version 0.14 is affected by CVE-2026-42214. The vulnerability lies in detectLanguageFromExtension(), which inserts a file extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which executes...