Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems
Summary
Two high-severity vulnerabilities (CVE-2026-48778 and CVE-2026-48800) in Notepad++ allow local attackers to execute arbitrary code by tampering with the editor's XML configuration files. These flaws affect versions up to 8.9.6 and were patched in version 8.9.6.1.
IFF Assessment
The identified vulnerabilities allow for arbitrary code execution, which is a significant threat to system security.
Severity
The article gives a CVSS score of 7.8 for both CVE-2026-48778 and CVE-2026-48800, which indicates High severity with significant impact and exploitability.
Defender Context
This article highlights two high-severity vulnerabilities in Notepad++, a widely used code editor, that enable arbitrary code execution. Defenders should prioritize patching Notepad++ to version 8.9.6.1 or later to mitigate these risks, and should be aware that attackers may exploit misconfigurations in its XML files for persistence.