AI description
CVE-2026-48778 is a vulnerability identified in Notepad++, a popular open-source text editor for Windows. This flaw resides in how the application processes its `config.xml` configuration file, specifically within the `<GUIConfig name="commandLineInterpreter">` tag. The value from this tag is read and stored without any validation or digital signature checks. When a user initiates the "File → Open Containing Folder → cmd" action, Notepad++ passes the unvalidated string from the `commandLineInterpreter` tag directly to the `ShellExecute()` function. This allows an attacker to substitute an arbitrary executable in place of the intended command interpreter, leading to arbitrary code execution. Potential exploitation vectors include direct modification of the `config.xml` file, use of malicious shortcuts with the `-settingsDir=` flag, or cloud sync poisoning. The vulnerability was addressed in Notepad++ version 8.9.6.1.
- Description
- Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter"> tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) and stored in _nppGUI._commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDM_FILE_OPEN_CMD (File → Open Containing Folder → cmd), NppCommands.cpp:228 creates a Command object with this value and calls run(), which invokes ShellExecute (RunDlg.cpp:221) with the attacker-controlled string as the executable path. This vulnerability is fixed in 8.9.6.1.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- notepad\+\+
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-78
- Hype score
- Not currently trending
🚨*CVE* CVE-2026-48778 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the
@infoflowcloud
27 Jun 2026
36 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerabilidades en productos Notepad++ ❗ CVE-2026-48800 ❗ CVE-2026-48778 ➡️ Más info: https://t.co/YIct5soKdR https://t.co/vGNRxPAhql
@CERTpy
11 Jun 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-48778: Notepad++ has released a security advisory addressing multiple critical vulnerabilities, including two arbitrary code execution flaws. The most severe flaw, CVE-2026-48778, allows attackers to silently run malicious code on a victim's machine via…
@lyrie_ai
8 Jun 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Attention, elevated activities detected targeting Notepad++ (CVE-2026-48778) https://t.co/KNBmqMi8nc
@vuldb
5 Jun 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-48778 & CVE-2026-48800 | Notepad++ | CVSS 7.8 HIGH 🐛 Config file injection - fake Run menu entries execute attacker code and survive reboots ✅ Fixed: Notepad++ 8.9.6.1 (May 27) 🔗 https://t.co/4APJxtIc56 #CVE #Cybersecurity #InfoSec #PatchNow
@mwbengtsson
2 Jun 2026
471 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
安全圈最近投喂的PoC仓库一堆跑不动的,但这个poc-lab有点意思。每个CVE目录配好了exploit脚本和复现指南,从Linux内核到Chrome、Redis、Notepad++,覆盖的都是今年高严重性漏洞。最近更新的CVE-2026-48778 Notepad++ RCE和CVE-20
@vintcessun
1 Jun 2026
37 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
Notepad++で深刻なコマンドインジェクションの脆弱性が2件修正。shortcuts.xmlからのCVE-2026-48800とconfig.xmlからのCVE-2026-48778。PoC(攻撃の概念実証コード)公開済み。 https://t.co/XVVXBpn5WN
@__kokumoto
1 Jun 2026
1084 Impressions
1 Retweet
7 Likes
2 Bookmarks
0 Replies
0 Quotes
A Notepad++ arbitrary code execution vulnerability (CVE-2026-48778) allows attackers to replace cmd.exe with malicious executables via config.xml. https://t.co/FTUmvdJdf5 #NotepadPlusPlus #CVE #ArbitraryCodeExecution #ConfigXML #WindowsSecurity #AppData #InfoSec https://t.co/zo
@redsecuretech
31 May 2026
51 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems (CVE-2026-48778 and CVE-2026-48800) https://t.co/LpMC86gA0w #patchmanagement
@eyalestrin
30 May 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - atiilla/Notepad-8.9.6-PoC: Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800 · GitHub - https://t.co/nSK5LtNkDy
@piedpiper1616
30 May 2026
430 Impressions
1 Retweet
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Se han revelado vulnerabilidades críticas (CVE-2026-48778 y CVE-2026-48800) en el popular editor Notepad++ que permiten la ejecución arbitraria de código (RCE). El fallo radica en la falta de validación de comandos dentro de los archivos de configuración (config.xml y https:
@tpx_Security
29 May 2026
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Notepad++ <= 8.9.6 Multiple Vulnerabilities (CVE-2026-48770, CVE-2026-48778, CVE-2026-48800) poc: https://t.co/hynIeZp5SS https://t.co/Et7ZKIEN5v
@hackingspace
29 May 2026
272 Impressions
0 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ #Notepad++: disponibili #PoC per le CVE-2026-48800, CVE-2026-48778 e CVE-2026-48770 che interessano il noto editor di testo Rischio: 🔴 Tipologia: 🔸 Arbitrary Code Execution 🔸 Denial of Service 🔗 https://t.co/tG5AKVnGtJ 🔄 Aggiorname… https://
@Vulcanux_
28 May 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 اذا انت من الجيل القديم ولاتزال تستخدم Notepad++ حدّث البرنامج فوراً إلى الإصدار الأخير (v8.9.6.1). 📍 الثغرة الأولى: (CVE-2026-48770) 📍 الثغرة الثانية: (CVE-2026-48778) 📍
@buhaimedi
28 May 2026
3715 Impressions
4 Retweets
35 Likes
18 Bookmarks
3 Replies
0 Quotes
‼️ #Notepad++: disponibili #PoC per le CVE-2026-48800, CVE-2026-48778 e CVE-2026-48770 che interessano il noto editor di testo Rischio: 🔴 Tipologia: 🔸 Arbitrary Code Execution 🔸 Denial of Service 🔗 https://t.co/DEGdsIPlJS 🔄 Aggiornamenti disponibili 🔄 h
@csirt_it
28 May 2026
253 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
برای ابزار پرکاربرد Notepad plus plus چندین آسیب پذیری از نوع Code execution با کدهای شناسایی CVE-2026-48770 و CVE-2026-48778 و CVE-2026-48800 منتشر شده است . برای امن سازی به نسخه 8.9.6.1 به رو
@EthicalSafe
28 May 2026
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D0325F-713A-4523-8DE8-51517017DC16",
"versionEndExcluding": "8.9.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]