AI description
CVE-2026-48770 is a vulnerability identified in Notepad++ that was addressed in version 8.9.6.1, released on May 26, 2026. This flaw is described as a crash vulnerability that can be triggered by malformed structures. Exploitation of CVE-2026-48770 could potentially lead to denial-of-service conditions within the application. This vulnerability was patched alongside other issues, including CVE-2026-48778 and CVE-2026-48800, which involved arbitrary code execution and improper handling of configuration files.
- Description
- Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WM_COPYDATA message to Notepad++ using the COPYDATA_FULL_CMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded NUL-terminated wchar_t* instead of enforcing COPYDATASTRUCT.cbData. This vulnerability is fixed in 8.9.6.1.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- notepad\+\+
CVSS 3.1
- Type
- Secondary
- Base score
- 5
- Impact score
- 3.6
- Exploitability score
- 1.3
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-125
- Hype score
- Not currently trending
🚨*CVE* CVE-2026-48770 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WM_COPYDATA mes… https://t.co/BL7OImisEn ----- Traducción: CVE-2026-48770 Not… https://t.co/utmtNg
@infoflowcloud
27 Jun 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - atiilla/Notepad-8.9.6-PoC: Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800 · GitHub - https://t.co/nSK5LtNkDy
@piedpiper1616
30 May 2026
430 Impressions
1 Retweet
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Notepad++ <= 8.9.6 Multiple Vulnerabilities (CVE-2026-48770, CVE-2026-48778, CVE-2026-48800) poc: https://t.co/hynIeZp5SS https://t.co/Et7ZKIEN5v
@hackingspace
29 May 2026
272 Impressions
0 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ #Notepad++: disponibili #PoC per le CVE-2026-48800, CVE-2026-48778 e CVE-2026-48770 che interessano il noto editor di testo Rischio: 🔴 Tipologia: 🔸 Arbitrary Code Execution 🔸 Denial of Service 🔗 https://t.co/tG5AKVnGtJ 🔄 Aggiorname… https://
@Vulcanux_
28 May 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 اذا انت من الجيل القديم ولاتزال تستخدم Notepad++ حدّث البرنامج فوراً إلى الإصدار الأخير (v8.9.6.1). 📍 الثغرة الأولى: (CVE-2026-48770) 📍 الثغرة الثانية: (CVE-2026-48778) 📍
@buhaimedi
28 May 2026
3715 Impressions
4 Retweets
35 Likes
18 Bookmarks
3 Replies
0 Quotes
‼️ #Notepad++: disponibili #PoC per le CVE-2026-48800, CVE-2026-48778 e CVE-2026-48770 che interessano il noto editor di testo Rischio: 🔴 Tipologia: 🔸 Arbitrary Code Execution 🔸 Denial of Service 🔗 https://t.co/DEGdsIPlJS 🔄 Aggiornamenti disponibili 🔄 h
@csirt_it
28 May 2026
253 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
برای ابزار پرکاربرد Notepad plus plus چندین آسیب پذیری از نوع Code execution با کدهای شناسایی CVE-2026-48770 و CVE-2026-48778 و CVE-2026-48800 منتشر شده است . برای امن سازی به نسخه 8.9.6.1 به رو
@EthicalSafe
28 May 2026
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D0325F-713A-4523-8DE8-51517017DC16",
"versionEndExcluding": "8.9.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]