CVE-2026-6539

Notepad++ 8.9.3 is affected by a vulnerability described as a format string injection in the Find Results panel handler, triggered by a malicious nativeLang.xml language pack. The issue can be introduced by poisoned language packs distributed via community channels and triggers format string inte...

CVE-2023-40031

Notepad++ versions

CVE-2023-40166

CVE-2023-40166 affects Notepad++ versions prior to 8.5.7. The issue is a heap buffer read overflow in FileManager::detectLanguageFromTextBegining, which can leak internal memory information and, per related advisories, may enable arbitrary code execution under some conditions. Public exploits exi...

CVE-2019-16294

Notepad++ (x64) before version 7.7 is affected by CVE-2019-16294 due to SciLexer.dll (Scintilla) processing crafted Unicode in .ml files, enabling remote code execution or denial of service. Exploitation targets the SciLexer.dll component within Notepad++, with a local/remote feasibility dependin...

CVE-2023-40164

Notepad++ prior to 8.5.7 is affected by a global buffer overflow issue in Notepad++ core components: a read overflow in nsCodingStateMachine::NextStater (NVD) and a related heap buffer overflow in Utf8_16_Read::convert (PT-2023-4643). Impact is described as potential leakage of internal memory in...

CVE-2023-40036

Notepad++

CVE-2023-6401

CVE-2023-6401 affects NotePad++ up to version 8.1. The vulnerability is DLL search/path hijacking in dbghelp.dll loaded by the application, enabling local attackers to execute arbitrary code. The root cause is an uncontrolled search path that can cause the malicious dbghelp.dll in the application...

CVE-2022-32168

Summary: Notepad++

CVE-2026-5525

CVE-2026-5525 affects Notepad++ up to version 8.9.3. The issue is a stack-based buffer overflow in the file drop handler (WM_DROPFILES) when dropping a directory path of exactly 259 characters without a trailing backslash. The handler appends a backslash and a null terminator without proper bound...

CVE-2022-31902

CVE-2022-31902 affects Notepad++ v8.4.1, with a stack overflow in the Finder::add() function. The Root Cause/Impact are described as a stack overflow; CVSS metrics in the initial document show local attack vector, low attack complexity, no privileges required, but user interaction is required and...

CVE-2022-31901

CVE-2022-31901 concerns a buffer overflow in Notepad_plus::addHotSpot of Notepad++ (up to version 8.4.3 and earlier). The vulnerability can cause the application to crash when processing two crafted files, as described across multiple sources (Notepad++ vulnerability entries and related advisorie...

CVE-2025-15556

Notepad++ versions prior to 8.8.9 using the WinGUp updater are affected by an update integrity verification vulnerability: downloaded update metadata and installers are not cryptographically verified. An attacker who can intercept or redirect update traffic can cause the updater to download and e...

CVE-2023-47452

CVE-2023-47452 affects Notepad++ 6.5; vulnerability is an Untrusted search path allowing local privilege escalation via msimg32.dll loaded from the current working directory. Root cause: loading a system DLL from CWD can override expected DLLs. Impact (as stated): local privilege escalation with ...

CVE-2026-25926

CVE-2026-25926 (Notepad++) is an Unsafe Search Path vulnerability (CWE-426) affecting Notepad++ versions prior to 8.9.2. The issue arises when launching explorer.exe without an absolute path, allowing an attacker who controls the process working directory to execute a malicious explorer.exe, pote...