CVE-2026-20841

Published Feb 10, 2026

Last updated 3 months ago

CVSS high 7.8
Port (135)

Overview

Description
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_notepad

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-77

Social media

Hype score
Not currently trending

  1. Top 5 Trending CVEs: 1 - CVE-2026-44578 2 - CVE-2016-5195 3 - CVE-2026-0073 4 - CVE-2026-20841 5 - CVE-2025-14180 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    15 May 2026

    320 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2026-20841 2 - CVE-2025-55177 3 - CVE-2026-1731 4 - CVE-2025-9961 5 - CVE-2026-22182 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    16 Feb 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2026-25253 2 - CVE-2026-20841 3 - CVE-2025-35027 4 - CVE-2025-2894 5 - CVE-2025-33219 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    14 Feb 2026

    71 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. Top 5 Trending CVEs: 1 - CVE-2022-1743 2 - CVE-2026-20841 3 - CVE-2025-15556 4 - CVE-2026-25253 5 - CVE-2026-1731 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    13 Feb 2026

    140 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Top 5 Trending CVEs: 1 - CVE-2026-20841 2 - CVE-2026-23760 3 - CVE-2026-21508 4 - CVE-2024-27834 5 - CVE-2026-21514 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    12 Feb 2026

    117 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.CVE-2026-33826
  2. Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.CVE-2026-20821
  3. Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.CVE-2025-59502
  4. Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.CVE-2025-49716
  5. Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.CVE-2025-48814

References

Sources include official advisories and independent security research.