Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

notepad-plus-plus — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting notepad-plus-plus. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Notepad-plus-plus serves as a lightweight text editor and source code viewer for Windows, supporting multiple programming languages. Historically, it has been susceptible to remote code execution, buffer overflow, and privilege escalation vulnerabilities, often through crafted file handling. The application has faced eight CVEs, including issues allowing arbitrary code execution via malicious files or insecure DLL loading. While no major security incidents have been widely documented, its frequent updates suggest ongoing attention to vulnerabilities. Users should exercise caution with untrusted files due to potential RCE risks, though the application remains a popular choice for developers seeking a free, feature-rich editing tool.

Top products by notepad-plus-plus: notepad-plus-plus
CVE IDTitleCVSSSeverityPublished
CVE-2026-25926 Notepad++ has an Untrusted Search Path — notepad-plus-plusCWE-426 7.3 High2026-02-18
CVE-2025-15556 Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification — notepad-plus-plusCWE-494 7.0AIHighAI2026-02-03
CVE-2025-49144 Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path — notepad-plus-plusCWE-272 7.3 High2025-06-23
CVE-2023-40166 Notepad++ heap buffer read overflow in FileManager::detectLanguageFromTextBegining — notepad-plus-plusCWE-120 5.5 Medium2023-08-25
CVE-2023-40164 Notepad++ global buffer read overflow in nsCodingStateMachine::NextState — notepad-plus-plusCWE-120 5.5 Medium2023-08-25
CVE-2023-40036 Notepad++ global buffer read overflow in CharDistributionAnalysis::HandleOneChar — notepad-plus-plusCWE-120 5.5 Medium2023-08-25
CVE-2023-40031 Notepad++ vulnerable to heap buffer write overflow in Utf8_16_Read::convert — notepad-plus-plusCWE-120 7.8 High2023-08-25
CVE-2022-32168 notepad-plus-plus - DLL Hijacking — notepad-plus-plusCWE-427 7.8 -2022-09-28

This page lists every published CVE security advisory associated with notepad-plus-plus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.