Because of Microsoft including all these additional options to Notepad, it now sadly sports activities another: An exploitation vulnerability with a excessive safety score

For over 4 many years, Home windows Notepad has been the fundamental textual content editor of alternative for a lot of a discerning PC consumer. Lately, although, Microsoft has been steadily including all types of options to it, turning it from a barebones phrase processor into one thing decidedly extra advanced. Sadly, the addition of formatting and tables now consists of another characteristic: a distant code execution vulnerability that might let hackers run all types of nasty stuff in your PC.

Microsoft acknowledges the problem in its safety replace information, snappily labelled as CVE-2026-20841. With a typical vulnerability base rating of 8.8 and temporal rating of seven.7, it is rated as a ‘excessive’ safety drawback.

Principally, all of it works like this: A consumer opens up a Markdown file that accommodates an innocent-looking hyperlink in it, however upon opening stated hyperlink, Notepad then begins to load and execute distant information that scrape information or do different nasty stuff with the pc. If the consumer has admin rights, then the attacker would have the identical privileges too.

Associated articles

Like so many vulnerabilities of this type, the pc would have to be related to a community for the attacker to achieve distant entry, and it might solely set off if the consumer opened the Markdown file after which clicked on the hyperlink inside it. You’d assume that this may imply that nearly no person can be affected by the issue, however the truth that cybercrime is such an issue today simply exhibits what number of of us can be in danger.

For those who’re questioning what Markdown is, it is a easy markup language that can be utilized to translate primary textual content into HTML, and it is what Microsoft makes use of to present Notepad the flexibility so as to add tables and formatting (e.g. daring or italic) to a textual content doc. For those who’ve ever used an app the place you’ve got added two asterisks earlier than a phrase to make it go daring, you then’re most likely utilizing Markdown to do that. Properly, the app is, however you get what I imply.

This safety vulnerability is not a problem with Markdown itself, simply how Notepad renders it, however precisely how Microsoft will repair this is not clear at this stage. For now, although, you possibly can keep away from the issue fully by sticking to some essential procedures: Don’t obtain any file that you could’t confirm the integrity of its supply and by no means click on on a random hyperlink.

The excellent news is that there’s at the moment no identified exploitation of this vulnerability doing the rounds out within the wild, and even when there was, it is fairly easy to keep away from placing your PC into hurt’s method. However given the simplicity of the hack, you’d assume that Microsoft would have already thought of the opportunity of it earlier than going all willy-nilly with increasing Notepad’s characteristic set.

Finest gaming rigs 2026

All our favourite gear