Notepad++ < 8.9.6.2 Arbitrary Code Execution

Severity: High. Nessus Plugin ID: 318685

Synopsis

A text editor on the remote Windows host is affected by an arbitrary code execution vulnerability.

Description

The version of Notepad++ installed on the remote host is prior to 8.9.6.2. It is, therefore, affected by an arbitrary code execution vulnerability:

- An arbitrary code execution vulnerability exists due to improper handling of shortcuts.xml files. A previous fix in version 8.9.6.1 was incomplete, and a bypass scenario still allows an attacker to exploit this issue to execute arbitrary code. (CVE-2026-48800)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Notepad++ version 8.9.6.2 or later.

See Also

http://www.nessus.org/u?89de4aec

http://www.nessus.org/u?673cb8af

https://notepad-plus-plus.org/news/v8962-released/

Plugin Details

Severity: High

ID: 318685

File Name: notepad_plus_plus_8_9_6_2.nasl

Version: 1.1

Type: Local

Agent: windows

Family: Windows

Published: 6/4/2026

Updated: 6/4/2026

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-48800

CVSS v3

Risk Factor: High

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:notepad-plus-plus:notepad%5c%2b%5c%2b

Required KB Items: SMB/Registry/Enumerated, installed_sw/Notepad++

Patch Publication Date: 5/31/2026

Vulnerability Publication Date: 5/26/2026

Reference Information

CVE: CVE-2026-48800