Microsoft has mounted a severe safety vulnerability affecting Markdown recordsdata in Notepad. Within the company’s Tuesday patch notes, Microsoft says a nasty actor may perform a distant code execution assault by tricking customers “into clicking a malicious hyperlink inside a Markdown file opened in Notepad,” as reported earlier by The Register.
Clicking the hyperlink would “launch unverified protocols,” permitting attackers to remotely load and execute malicious recordsdata on a sufferer’s pc, in keeping with the patch notes. Microsoft says there isn’t any proof of attackers exploiting the Notepad vulnerability (CVE-2026-20841) within the wild, but it surely issued a repair for the flaw in its Tuesday patch.
Microsoft initially added support for Markdown, a plaintext formatting language, to Notepad on Home windows 11 final Could. The transfer contributed to criticism that Microsoft is filling its working system with bloatware, together with by stuffing new options and AI capabilities into apps like Notepad and Paint.
Notepad isn’t the one textual content editor that has confronted safety points lately, as the third-party Notepad++ app disclosed that some customers might have downloaded a malicious replace linked to Chinese language state-sponsored attackers.
