CVE-2026-25926
- Source
- https://cve.org/CVERecord?id=CVE-2026-25926
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25926.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-25926
- Aliases
-
- GHSA-rjvm-fcxw-2jxq
- Published
- 2026-02-18T23:07:36.383Z
- Modified
- 2026-02-21T00:37:01.528328Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Notepad++ has an Untrusted Search Path
- Details
-
Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability (CWE-426) exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process working directory. Under certain conditions, this could lead to arbitrary code execution in the context of the running application. Version 8.9.2 patches the issue.
- Database specific
{ "cwe_ids": [ "CWE-426" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25926.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25926.json
- https://github.com/notepad-plus-plus/notepad-plus-plus/releases/tag/v8.9.2
- https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-rjvm-fcxw-2jxq
- https://notepad-plus-plus.org/news/v892-released
- https://nvd.nist.gov/vuln/detail/CVE-2026-25926
Affected packages
Git / github.com/notepad-plus-plus/notepad-plus-plus
Affected ranges
- Type
- GIT
- Repo
- https://github.com/notepad-plus-plus/notepad-plus-plus
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
7.*
7.2.2
7.3.1
Other
patch-1_#167
patch-2_#268
patch-3_#283
v6
v7
v8
v5.*
v5.4.2
v5.4.3
v5.4.4
v5.4.5
v5.5
v5.5.1
v5.6
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.6.7
v5.6.8
v5.7
v5.8
v5.8.1
v5.8.2
v5.8.3
v5.8.4
v5.8.5
v5.8.6
v5.8.7
v5.9
v5.9.1
v5.9.2
v5.9.3
v5.9.4
v5.9.5
v5.9.6
v5.9.6.1
v5.9.6.2
v5.9.7
v5.9.8
v6.*
v6.1
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.2
v6.2.1
v6.2.2
v6.2.3_-_End_of_World_Edition
v6.3
v6.3.1
v6.3.2
v6.3.3
v6.4
v6.4.1
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.5
v6.5.1
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.6
v6.6.1
v6.6.2
v6.6.3
v6.6.4
v6.6.6_-_Friday_the_13th_edition
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7.1
v6.7.2
v6.7.3
v6.7.4_-_Je_suis_Charlie_edition
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.8.1
v6.7.8.2
v6.7.9
v6.7.9.1
v6.7.9.2
v6.8
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9
v6.9.1
v6.9.2
v7.*
v7.1
v7.2
v7.2.1
v7.2.2
v7.3
v7.3.1
v7.3.2
v7.3.3
v7.4
v7.4.1
v7.4.2
v7.5
v7.5.1
v7.5.2
v7.5.3
v7.5.4
v7.5.5
v7.5.6
v7.5.7
v7.5.8
v7.5.9
v7.6
v7.6.1
v7.6.2
v7.6.3
v7.6.4
v7.6.5
v7.6.6
v7.7
v7.7.1
v7.8
v7.8.1
v7.8.2
v7.8.3
v7.8.4
v7.8.5
v7.8.6
v7.8.7
v7.8.8
v7.8.9
v7.9
v7.9.1
v7.9.2
v7.9.3
v7.9.4
v7.9.5
v8.*
v8.1
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.1.5
v8.1.6
v8.1.7
v8.1.8
v8.1.9
v8.1.9.1
v8.1.9.2
v8.1.9.3
v8.2
v8.2.1
v8.3
v8.3.1
v8.3.2
v8.3.3
v8.4
v8.4.1
v8.4.2
v8.4.3
v8.4.4
v8.4.5
v8.4.6
v8.4.7
v8.4.8
v8.4.9
v8.5
v8.5.1
v8.5.2
v8.5.3
v8.5.4
v8.5.5
v8.5.6
v8.5.7
v8.5.8
v8.6
v8.6.1
v8.6.2
v8.6.3
v8.6.4
v8.6.5
v8.6.6
v8.6.7
v8.6.8
v8.6.9
v8.7
v8.7.1
v8.7.2
v8.7.3
v8.7.4
v8.7.5
v8.7.6
v8.7.7
v8.7.8
v8.7.9
v8.8
v8.8.1
v8.8.2
v8.8.3
v8.8.4
v8.8.5
v8.8.6
v8.8.7
v8.8.8
v8.8.9
v8.9
v8.9.1