Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-20841— Windows Notepad App Remote Code Execution Vulnerability

CVSS 7.8 · High EPSS 0.12% · P31
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-20841

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Windows Notepad App Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows Notepad 命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows Notepad是美国微软(Microsoft)公司的一个文本编辑程序。 Microsoft Windows Notepad存在命令注入漏洞。攻击者利用该漏洞可以远程执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
MicrosoftWindows Notepad 11.0.0 ~ 11.2512 -

II. Public POCs for CVE-2026-20841

#POC DescriptionSource LinkShenlong Link
1PoChttps://github.com/BTtea/CVE-2026-20841-PoCPOC Details
2CVE-2026-20841 - Windows notepad.exe RCEhttps://github.com/RajaUzairAbdullah/CVE-2026-20841POC Details
3PoC for the "Windows Notepad RCE"https://github.com/tangent65536/CVE-2026-20841POC Details
4Nonehttps://github.com/patchpoint/CVE-2026-20841POC Details
5Nonehttps://github.com/uky007/CVE-2026-20841_notepad_analysisPOC Details
6Nonehttps://github.com/atiilla/CVE-2026-20841POC Details
7CVE-2026-20841https://github.com/dogukankurnaz/CVE-2026-20841-PoCPOC Details
8PoC for a remote code execution flaw in Windows Notepad's markdown renderer. The markdown engine does not restrict URL protocols, allowing arbitrary protocol handlers to be triggered via clickable linkshttps://github.com/SecureWithUmer/CVE-2026-20841POC Details
9Proof of Concept for CVE-2026-20841https://github.com/hackfaiz/CVE-2026-20841-PoCPOC Details
10Nonehttps://github.com/EleniChristopoulou/PoC-CVE-2026-20841POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-20841

登录查看更多情报信息。

Same Patch Batch · Microsoft · 2026-02-10 · 54 CVEs total

CVE-2026-215319.8 CRITICALAzure SDK for Python Remote Code Execution Vulnerability
CVE-2026-215378.8 HIGHMicrosoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability
CVE-2026-215108.8 HIGHWindows Shell Security Feature Bypass Vulnerability
CVE-2026-215168.8 HIGHGitHub Copilot for Jetbrains Remote Code Execution Vulnerability
CVE-2026-215138.8 HIGHMSHTML Framework Security Feature Bypass Vulnerability
CVE-2026-212558.8 HIGHWindows Hyper-V Security Feature Bypass Vulnerability
CVE-2026-215188.8 HIGHGitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
CVE-2026-212568.8 HIGHGitHub Copilot and Visual Studio Remote Code Execution Vulnerability
CVE-2026-212288.1 HIGHAzure Local Remote Code Execution Vulnerability
CVE-2026-212578.0 HIGHGitHub Copilot and Visual Studio Elevation of Privilege Vulnerability
CVE-2026-212298.0 HIGHPower BI Remote Code Execution Vulnerability
CVE-2026-215238.0 HIGHGitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
CVE-2026-212507.8 HIGHWindows HTTP.sys Elevation of Privilege Vulnerability
CVE-2026-212597.8 HIGHMicrosoft Excel Elevation of Privilege Vulnerability
CVE-2026-215337.8 HIGHWindows Remote Desktop Services Elevation of Privilege Vulnerability
CVE-2026-215147.8 HIGHMicrosoft Word Security Feature Bypass Vulnerability
CVE-2026-212317.8 HIGHWindows Kernel Elevation of Privilege Vulnerability
CVE-2026-212387.8 HIGHWindows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-212367.8 HIGHWindows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-212397.8 HIGHWindows Kernel Elevation of Privilege Vulnerability

Showing top 20 of 54 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: Microsoft
Same weakness: CWE-77

V. Comments for CVE-2026-20841

No comments yet

Leave a comment