A serious security vulnerability was discovered in the Windows Notepad application, allowing hackers to take control of user computers. Microsoft has patched the flaw.
The Windows 11 Notepad application, recently updated with AI features, contained a high-severity security vulnerability that exposed users to dangerous attacks. Hackers could remotely compromise users' systems with a single click by sending specially crafted text files. Here are the details:
Affects Modern Windows Notepad Application
The flaw (CVE-2026-20841) is a remote code execution (RCE) vulnerability in Windows Notepad. It occurs because the application does not properly sanitize or block dangerous special characters in certain commands. This vulnerability specifically affects the modern Windows Notepad application from the Microsoft Store when processing Markdown (.md) files.
According to Microsoft's statement, an attacker could exploit this Notepad vulnerability by creating a malicious Markdown file containing specially crafted links. When a user opens the file and clicks on one of these links, a script is initiated, downloading and executing malicious code. If successful, the attacker gains full control over the victim's computer, with all associated permissions.
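A defensive check for the kind of file described above, as an added example that is not from Microsoft or the original article: it lists links in a Markdown file whose URI scheme falls outside an allowlist, so they can be reviewed before anyone clicks them. The allowlist, the name audit_markdown and the sample text are assumptions; the article does not say which link forms trigger the flaw.

```python
import re
import sys

# Assumption: only these schemes are expected in ordinary notes and docs.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*):")
# Inline links and images: [text](target "title")
INLINE = re.compile(r"\[[^\]]*\]\(\s*<?([^)\s>]+)")
# Autolinks: <scheme:target>
AUTOLINK = re.compile(r"<([A-Za-z][A-Za-z0-9+.-]*:[^>\s]+)>")
# Reference definitions: [id]: target
REFDEF = re.compile(r"^[ ]{0,3}\[[^\]]+\]:[ \t]*<?([^\s>]+)", re.M)


def audit_markdown(text):
    """Return sorted (line, target, scheme) tuples for links outside the allowlist.

    Relative targets (no scheme) are not reported.
    """
    findings = set()
    for pattern in (INLINE, AUTOLINK, REFDEF):
        for m in pattern.finditer(text):
            target = m.group(1)
            sm = SCHEME.match(target)
            scheme = sm.group(1).lower() if sm else ""
            if scheme and scheme not in ALLOWED_SCHEMES:
                line = text.count("\n", 0, m.start(1)) + 1
                findings.add((line, target, scheme))
    return sorted(findings)


# Constructed sample input; the two unusual schemes are placeholders.
SAMPLE = """# Release notes
See the [project site](https://example.com/docs) and [setup](install.md).
Contact <mailto:team@example.com>.
[Open report](example-scheme://placeholder/report)
[ref link][r1]

[r1]: other-scheme:placeholder
"""

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for line, target, scheme in audit_markdown(text):
        print(f"line {line}: scheme '{scheme}' not in allowlist -> {target}")
```
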
Patched with February 2026 Update
Microsoft has patched this security vulnerability with a recently released security update. Users are advised to install the latest Windows updates and keep their Notepad application up to date.