Notepad Markdown Link Command Injection Vulnerability (CVE-2026-20841)
Summary
Hide ▲
Show ▼
Microsoft has patched a command injection flaw (CVE-2026-20841, CVSS score: 8.8) in Notepad for Windows 11. The vulnerability allows remote code execution when users click malicious links in Markdown files. The flaw was exploited by creating Markdown files with 'file://' links to executable files or special URIs to run arbitrary payloads. The issue was fixed in the February 2026 Patch Tuesday update. The vulnerability could execute code in the context of the user opening the Markdown file, granting attackers the same permissions as that user.
Timeline
-
12.02.2026 13:51 1 articles · 11h ago
Microsoft Patches Notepad Command Injection Flaw (CVE-2026-20841)
Microsoft has addressed a critical command injection vulnerability in Notepad that could lead to remote code execution. The flaw was exploited via malicious Markdown links and has been fixed in the February 2026 Patch Tuesday update.
Show sources
- ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories — thehackernews.com — 12.02.2026 13:51
Information Snippets
-
The vulnerability (CVE-2026-20841) has a CVSS score of 8.8 and affects Windows Notepad's Markdown support.
First reported: 12.02.2026 13:511 source, 1 articleShow sources
- ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories — thehackernews.com — 12.02.2026 13:51
-
Exploitation involves tricking users into clicking malicious links in Markdown files opened in Notepad.
First reported: 12.02.2026 13:511 source, 1 articleShow sources
- ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories — thehackernews.com — 12.02.2026 13:51
-
The flaw was patched in Microsoft's February 2026 Patch Tuesday update.
First reported: 12.02.2026 13:511 source, 1 articleShow sources
- ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories — thehackernews.com — 12.02.2026 13:51