Windows 11 Notepad Markdown link RCE (CVE-2026-20841)
Vulnerability
Summary
Microsoft fixed CVE-2026-20841, a remote code execution flaw in Windows 11 Notepad that could be triggered by clicking a malicious Markdown link. On Notepad versions 11.2510 and earlier, a Ctrl+click on crafted `file://` or `ms-appinstaller://` links could launch programs without Windows warning prompts. The issue mattered because code could run in the security context of the user who opened the Markdown file.
Related Happenings
Microsoft Windows RDP security warning dialog rendering issue after April 2026 updates
Security Tool/Service
First: 28.04.2026 12:51
Last: 28.04.2026 12:51
Sources 1
About this happening:
**Microsoft** confirmed that newly introduced **Windows security warnings** for opening **Remote Desktop (.rdp) files** can display incorrectly, reducing users' ability to review...
Windows 11 Insider Preview adds secure batch-file execution controls
Security Tool/Service
First: 27.02.2026 22:00
Last: 27.02.2026 22:00
Sources 1
About this happening:
**Microsoft** is adding a more secure batch-file and CMD-script execution mode in **Windows 11 Insider Preview builds**, which matters for **enterprise scripted workflows** that n...
Microsoft Family Safety service-side fix for browser launch blocking
Security Tool/Service
First: 13.02.2026 11:31
Last: 13.02.2026 11:31
Sources 1
About this happening:
**Microsoft Family Safety** resolved a **service-side bug** that could prevent **Google Chrome** and other approved browsers from launching on **Windows 10 22H2** and **Windows 11...
Lnk-it-up open-source suite for generating and detecting malicious Windows LNK shortcuts
Security Tool/Service
First: 12.02.2026 23:01
Last: 12.02.2026 23:01
Sources 1
About this happening:
**lnk-it-up** is a newly released open-source suite for **Windows LNK shortcuts** that helps testers generate deceptive files and helps defenders spot shortcuts where **Explorer**...
Microsoft rolls out native Sysmon monitoring to Windows 11 Insider builds
Security Tool/Service
First: 04.02.2026 14:58
Last: 04.02.2026 14:58
Sources 1
About this happening:
Microsoft has started rolling out **built-in Sysmon** to select **Windows 11 Insider** builds, adding native **security monitoring** and **Windows Event Log** capture without a se...
Timeline
- 12.02.2026 01:15 · 2 articles
Microsoft discloses and fixes Windows 11 Notepad Markdown-link RCE
Initial Disclosure: Microsoft disclosed and fixed CVE-2026-20841 in Windows 11 Notepad as part of February 2026 Patch Tuesday, after a command-injection flaw let a user trigger code execution by Ctrl+clicking a malicious Markdown link in a .md file opened in Notepad. On versions 11.2510 and earlier, links such as `file://` and `ms-appinstaller://` could launch local or remote programs without Windows security warnings; the update now warns on non-`http://` and non-`https://` URI links.
Sources:
- Windows 11 Notepad flaw let files execute silently via Markdown links — www.bleepingcomputer.com — 12.02.2026 01:15
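
The fix described in the timeline entry warns on any link whose scheme is not `http://` or `https://`. As an added example (not Microsoft's code and not from the cited articles), the same rule can be applied as a triage check on Markdown files before they are opened; the regexes cover only a simplified subset of Markdown link syntax, and the function names and sample document are constructed for illustration.

```python
import re

# Schemes the page says are not subject to the new warning; everything else is flagged.
ALLOWED_SCHEMES = {"http", "https"}

# Simplified Markdown link forms (assumption: no nested brackets or escaped characters):
INLINE = re.compile(r"\[[^\]]*\]\(\s*<?([^)\s>]+)")                # [text](target "title")
AUTOLINK = re.compile(r"<([A-Za-z][A-Za-z0-9+.-]*:[^>\s]+)>")      # <scheme:...>
REFDEF = re.compile(r"^[ ]{0,3}\[[^\]]+\]:[ \t]*<?([^\s>]+)", re.MULTILINE)  # [id]: target

def link_targets(markdown):
    """Yield (line_number, target) for every link target found in the text."""
    for pattern in (INLINE, AUTOLINK, REFDEF):
        for m in pattern.finditer(markdown):
            yield markdown.count("\n", 0, m.start(1)) + 1, m.group(1)

def scheme_of(target):
    """Return the lower-cased URI scheme, or '' for relative paths and anchors.
    A bare drive path such as C:\\x parses as scheme 'c' and is flagged too."""
    m = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", target)
    return m.group(1).lower() if m else ""

def flag_links(markdown):
    """Return sorted (line, scheme, target) tuples for links outside http/https."""
    findings = []
    for line, target in link_targets(markdown):
        scheme = scheme_of(target)
        if scheme and scheme not in ALLOWED_SCHEMES:
            findings.append((line, scheme, target))
    return sorted(findings)

# Constructed sample document; hosts and paths are placeholders.
SAMPLE = """# Release notes
See the [changelog](https://example.com/changelog) and [setup](docs/setup.md).
Open the [report](file://fileserver.example/share/report.txt).
Install via [this link](MS-AppInstaller://example.invalid/placeholder).
Contact <mailto:team@example.com> or read [the spec][spec].

[spec]: file:///C:/placeholder/spec.txt
"""

if __name__ == "__main__":
    for line, scheme, target in flag_links(SAMPLE):
        print(f"line {line}: {scheme} link -> {target}")
```

Scheme matching is case-insensitive, so mixed-case spellings of a scheme are flagged the same way as lower-case ones.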