5 matches found
CVE-2026-6539
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...
CVE-2026-6539
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...
CVE-2026-6539 Notepad++ 8.9.3 Format String Injection via nativeLang.xml
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...
CVE-2026-6539
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...
PT-2026-36185
Name of the Vulnerable Software and Affected Versions Notepad++ version 8.9.3 Description A format string injection exists in the Find Results panel handler. This occurs when the application processes a maliciously crafted nativeLang.xml language pack file. An attacker can distribute a poisoned...