Microsoft has fixed CVE-2026-20841, a high-severity remote code execution (RCE) vulnerability in the current version of the Windows Notepad application This article explores notepad exe windows. . The February 2026 Patch Tuesday release included this bug.

It was initially discovered by Delta Obscura security researchers Cristian Papa and Alasdair Gorniak. It was then thoroughly examined by TrendAI Research's Nikolai Skliarenko and Yazhi Wang. Command injection in Notepad's Markdown handling is the cause of the problem. Unlike the outdated Notepad.exe in Windows, this updated version is available from the Microsoft Store.

It creates interactive links in.md files. A malicious Markdown file can be created by attackers. Ctrl+clicking a malicious hyperlink occurs when victims open it in Notepad. This uses the user's account to execute arbitrary commands.

Link clicks are handled by a vulnerable function called sub_140170F60().

Weak filtering is followed by the link being sent to ShellExecuteExW(). Only leading or trailing slashes are eliminated. Protocols like file:// and ms-appinstaller:// are not supported.

Without Windows warnings, these load malicious files. Because ShellExecuteExW() makes use of system handlers, custom setups increase the risk. CVE ID CVSS Score Description CVE-2026-20841 7.8 (High) RCE via command injection in the handling of modern Windows Notepad Markdown links, enabling arbitrary command execution when Ctrl+click is pressed. Details of the Patch and the Attack Vector According to the Zero Day Initiative analysis, exploitation requires user action.

The file is sent by attackers through phishing, downloads, and emails. However, victims have to open it in Notepad.Click the link. By default, md files aren't linked. There are now real-world risks because a public proof-of-concept is available on GitHub.

Notepad versions 11.2508 and below are affected by the bug.

It is fixed by the Microsoft Store update to build 11.2510 or later. Legacy Notepad.exe remains secure. Microsoft recommends auto-updates, but there are no workarounds.

Endpoints need to be checked by organizations. Turn on fleet-wide updates for the Microsoft Store. To enforce version 11.2510+, use tools. Look for outdated installs.

This emphasizes the dangers of Markdown in common apps. Although it appeared useful, Notepad's preview mode opened doors. Threat actors may quickly turn PoC into a weapon after it is released. To prevent attacks, update now.

Make ZeroOwl your preferred source in Google