Critical Notepad Security Bug Could Execute Remote Scripts, Now Fixed
Microsoft has fixed a serious Windows Notepad vulnerability that could allow remote code execution through malicious Markdown files, closing a high-severity security gap.
Notepad remote code execution flaw fixed in latest update
Microsoft has released a security update addressing a remote code execution vulnerability in the modern Notepad app distributed via the Microsoft Store.
The flaw, tracked as CVE-2026-20841, carries a CVSS v3.1 base score of 8.8, marking it as high severity. According to reports highlighted by Neowin, the issue stems from how Notepad processes Markdown (.md) files.
How the vulnerability worked
The bug appeared due to improper sanitization of dangerous special characters embedded in certain Markdown commands. An attacker could craft a malicious Markdown file containing specially designed links.
If a user opened the file and clicked on the embedded link, Notepad could trigger a script. That script might then download and execute additional malicious payloads on the victim’s PC.
In a worst-case scenario, successful exploitation could allow attackers to gain full control over the affected system, depending on the user’s privileges.
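As an added illustration (not Microsoft's fix and not code from the article), the following Python sketch shows how a defender might triage Markdown files before opening them by flagging link targets for manual review. The article does not say which characters or link forms were involved, so the scheme allowlist, the character checks, the function names and the sample document are all assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed policy, not taken from the article: schemes a reviewer expects in notes.
ALLOWED_SCHEMES = {"", "http", "https", "mailto"}   # "" = relative link or #anchor

# [text](target "title"), <scheme:target> autolinks, and [ref]: target definitions
LINK_PATTERNS = [
    re.compile(r'\[[^\]]*\]\(\s*<?([^)\s>]+)'),
    re.compile(r'<([A-Za-z][A-Za-z0-9+.-]*:[^>\s]+)>'),
    re.compile(r'^\s{0,3}\[[^\]]+\]:\s*<?([^\s>]+)'),
]

def check_target(target):
    """Return a list of reasons this link target deserves manual review."""
    reasons = []
    decoded = unquote(target)  # decode %XX so encoded characters are checked too
    scheme = urlsplit(decoded).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        reasons.append(f"scheme '{scheme}' not in allowlist")
    if "\\" in decoded:
        reasons.append("backslash in target")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        reasons.append("control character in target")
    return reasons

def audit_markdown(text):
    """Return (line_number, target, reasons) for every flagged link."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for pattern in LINK_PATTERNS:
            for match in pattern.finditer(line):
                reasons = check_target(match.group(1))
                if reasons:
                    findings.append((lineno, match.group(1), reasons))
    return findings

# Constructed sample document; "example-scheme" is a placeholder, not a real handler.
SAMPLE = """\
# Meeting notes
See the [agenda](https://example.com/agenda) and [setup](docs/setup.md).
Click [here](example-scheme://host/action) to continue.
[tool]: C:\\Temp\\tool.md
Encoded [link](https://example.com/a%0Ab)
"""

if __name__ == "__main__":
    for lineno, target, reasons in audit_markdown(SAMPLE):
        print(f"line {lineno}: {target} -> {'; '.join(reasons)}")
```

A check like this only narrows what a reviewer looks at; installing the patched Notepad build remains the actual remediation.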
No public exploits reported
At the time Microsoft released the fix, no public exploits had been reported. However, given the high severity rating, users should not delay installing the latest updates.
The security patch rolled out as part of the most recent Patch Tuesday cycle, alongside cumulative updates for supported Windows versions. Updating Windows also ensures the modern Notepad app receives the corrected build.
This incident highlights how even lightweight tools like text editors can become attack vectors. Recently, another case involved Notepad++ being manipulated into executing malicious code under specific conditions.
As Windows continues to evolve, built-in apps like Notepad now support advanced features such as tables. While these improvements add functionality, they also increase complexity and enlarge the potential attack surface.
Users should install the latest Windows updates and verify that their Microsoft Store apps, including Notepad, remain fully updated to stay protected.
Via Neowin