Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

notepad-plus-plus — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting notepad-plus-plus. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Notepad-plus-plus serves as a lightweight text editor and source code viewer for Windows, supporting multiple programming languages. Historically, it has been susceptible to remote code execution, buffer overflow, and privilege escalation vulnerabilities, often through crafted file handling. The application has faced eight CVEs, including issues allowing arbitrary code execution via malicious files or insecure DLL loading. While no major security incidents have been widely documented, its frequent updates suggest ongoing attention to vulnerabilities. Users should exercise caution with untrusted files due to potential RCE risks, though the application remains a popular choice for developers seeking a free, feature-rich editing tool.

Top products by notepad-plus-plus: notepad-plus-plus
CVE IDTitleCVSSSeverityPublished
CVE-2026-48770 Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash — notepad-plus-plusCWE-125 5.0 Medium2026-06-26
CVE-2026-48778 Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter — notepad-plus-plusCWE-78 7.8 High2026-06-26
CVE-2026-52885 Notepad++ TOCTOU: HMAC Checks Disk, Executes from Memory — notepad-plus-plusCWE-367--2026-06-26
CVE-2026-46710 Notepad++: Privilege Escalation in the Installer via Uncontrolled Executable Search Path — notepad-plus-plusCWE-426--2026-06-26
CVE-2026-48800 Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection — notepad-plus-plusCWE-78 7.8 High2026-06-26
CVE-2026-52884 Notepad++: CVE-2026-48800 Bypass — notepad-plus-plusCWE-42 7.8 High2026-06-26
CVE-2026-25926 Notepad++ has an Untrusted Search Path — notepad-plus-plusCWE-426 7.3 High2026-02-18
CVE-2025-15556 Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification — notepad-plus-plusCWE-494 7.0AIHighAI2026-02-03
CVE-2025-49144 Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path — notepad-plus-plusCWE-272 7.3 High2025-06-23
CVE-2023-40166 Notepad++ heap buffer read overflow in FileManager::detectLanguageFromTextBegining — notepad-plus-plusCWE-120 5.5 Medium2023-08-25
CVE-2023-40164 Notepad++ global buffer read overflow in nsCodingStateMachine::NextState — notepad-plus-plusCWE-120 5.5 Medium2023-08-25
CVE-2023-40036 Notepad++ global buffer read overflow in CharDistributionAnalysis::HandleOneChar — notepad-plus-plusCWE-120 5.5 Medium2023-08-25
CVE-2023-40031 Notepad++ vulnerable to heap buffer write overflow in Utf8_16_Read::convert — notepad-plus-plusCWE-120 7.8 High2023-08-25
CVE-2022-32168 notepad-plus-plus - DLL Hijacking — notepad-plus-plusCWE-427 7.8 -2022-09-28

This page lists every published CVE security advisory associated with notepad-plus-plus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.