1. Home
  2. Vulnerabilities
  3. CVE-2026-20841
8.8
HIGH CVSS 3.1
CVE-2026-20841
Windows Notepad App Remote Code Execution Vulnerability
Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

INFO

Published Date :

Feb. 10, 2026, 6:16 p.m.

Last Modified :

Feb. 25, 2026, 2:32 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Affected Products

The following products are affected by CVE-2026-20841 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft window_notepad
2 Microsoft windows_notepad
: Total Affected Vendor : 1 | Products : 2
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
CVSS 3.1 HIGH [email protected]
Solution
Patch Notepad to fix command injection vulnerability and prevent remote code execution.
  • Update Windows Notepad to the latest version.
  • Apply security patches for the operating system.
  • Review and sanitize all user inputs for commands.
  • Restrict network access for Notepad processes.
Public PoC/Exploit Available at Github

CVE-2026-20841 has a 24 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-20841.

URL Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841 Vendor Advisory
https://news.ycombinator.com/item?id=46971516 Issue Tracking
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-20841 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-20841 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
NAH030/Vulnerability-STIG-Remediations-Using-Powershell

None

Updated: 22 hours, 25 minutes ago
0 stars 0 fork 0 watcher
Born at : March 1, 2026, 11:37 p.m. This repo has been linked 7 different CVEs too.
Profile Photo
heaker12/CVE-POC

Added a small script, I'm a newbie, please don't be mad at me ^~^

Python

Updated: 2 days, 18 hours ago
0 stars 0 fork 0 watcher
Born at : Feb. 28, 2026, 2:09 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
404godd/CVE-2026-20841-PoC

🛠 Demonstrate remote code execution in Windows Notepad versions below 11.2510 using the CVE-2026-20841 proof of concept.

agent chinese cv cve-2016-0856 cve-2026-20841 deep-learning ethereum hacktoberfest llm mxnet notepad obfuscation php-obfuscator pose-estimation python rag semantic-segmentation sybil-resistance testnet-faucet web3

Updated: 4 hours, 34 minutes ago
0 stars 0 fork 0 watcher
Born at : Feb. 26, 2026, 5:21 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
peritocibernetico/Joplin-Remote-Code-Execution

Joplin Remote Code Execution

Updated: 1 week, 3 days ago
0 stars 0 fork 0 watcher
Born at : Feb. 20, 2026, 2:44 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
EleniChristopoulou/PoC-CVE-2026-20841

None

Updated: 1 week, 6 days ago
0 stars 0 fork 0 watcher
Born at : Feb. 17, 2026, 7:29 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
hackfaiz/CVE-2026-20841-PoC

Proof of Concept for CVE-2026-20841

Batchfile

Updated: 2 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : Feb. 12, 2026, 6:59 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
SecureWithUmer/CVE-2026-20841

PoC for a remote code execution flaw in Windows Notepad's markdown renderer. The markdown engine does not restrict URL protocols, allowing arbitrary protocol handlers to be triggered via clickable links

2026 command-injection cve cve-2026-20841 exploit notepad windows-notepad notepad-exoploit notepad-vulnerability securewithumer

Updated: 2 weeks, 4 days ago
1 stars 1 fork 1 watcher
Born at : Feb. 12, 2026, 3:29 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
dogukankurnaz/CVE-2026-20841-PoC

CVE-2026-20841

microsoft notepad poc cve-2026-20841

Updated: 2 weeks, 4 days ago
1 stars 0 fork 0 watcher
Born at : Feb. 12, 2026, 12:38 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
atiilla/CVE-2026-20841

None

Python VBScript JavaScript

Updated: 2 weeks, 2 days ago
2 stars 2 fork 2 watcher
Born at : Feb. 12, 2026, 11 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
uky007/CVE-2026-20841_notepad_analysis

None

Python

Updated: 2 weeks, 4 days ago
2 stars 1 fork 1 watcher
Born at : Feb. 12, 2026, 6:04 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
patchpoint/CVE-2026-20841

None

Updated: 1 week, 6 days ago
11 stars 0 fork 0 watcher
Born at : Feb. 12, 2026, 3:58 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
tangent65536/CVE-2026-20841

PoC for the "Windows Notepad RCE"

JavaScript Python VBScript

Updated: 2 weeks, 5 days ago
1 stars 0 fork 0 watcher
Born at : Feb. 11, 2026, 2:55 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
RajaUzairAbdullah/CVE-2026-20841

CVE-2026-20841 - Windows notepad.exe RCE

Updated: 2 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : Feb. 11, 2026, 12:14 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
BTtea/CVE-2026-20841-PoC

PoC

Updated: 2 weeks, 3 days ago
99 stars 15 fork 15 watcher
Born at : Feb. 11, 2026, 2:39 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
DQ-Labs/Paige

A lightweight, secure text editor built in Python/CustomTkinter.

Python Batchfile

Updated: 1 week ago
0 stars 0 fork 0 watcher
Born at : Feb. 3, 2026, 1:40 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-20841 vulnerability anywhere in the article.

  • CybersecurityNews
PoC Released for Windows Notepad Vulnerability that Enables Malicious Command Execution

Microsoft has patched a high-severity remote code execution (RCE) vulnerability in the modern Windows Notepad application, tracked as CVE-2026-20841, as part of its February 2026 Patch Tuesday release ... Read more

Published Date: Feb 20, 2026 (1 week, 3 days ago)
  • Zero Day Initiative
CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad

A remote code execution vulnerability has been reported in Microsoft Windows Notepad. The vulnerability is due to improper validation of links in Markdown files. A remote attacker could exploit this v ... Read more

Published Date: Feb 19, 2026 (1 week, 4 days ago)
  • CybersecurityNews
Windows 11 KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop

Windows 11 KB5077181 Security Update Microsoft’s February 10, 2026, security update KB5077181 for Windows 11 versions 24H2 (build 26200.7840) and 25H2 (build 26100.7840) has triggered widespread repor ... Read more

Published Date: Feb 15, 2026 (2 weeks, 1 day ago)
  • Help Net Security
Week in review: Exploited newly patched BeyondTrust RCE, United Airlines CISO on building resilience

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: United Airlines CISO on building resilience when disruption is inevitable In this Help Net Security in ... Read more

Published Date: Feb 15, 2026 (2 weeks, 1 day ago)
  • Help Net Security
Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)

Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. “Attackers are abusing get_port ... Read more

Published Date: Feb 13, 2026 (2 weeks, 3 days ago)
  • Help Net Security
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)

Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be exploited by attackers to achie ... Read more

Published Date: Feb 12, 2026 (2 weeks, 4 days ago)
  • The Hacker News
ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted too ... Read more

Published Date: Feb 12, 2026 (2 weeks, 4 days ago)
  • reddit.com
Microsoft's Notepad Got Pwned (CVE-2026-20841)

Let us know your cookie preferences Reddit uses cookies and similar technologies to: Keep the website operational and running properly Prevent fraud and abuse Monitor site usage and performance metric ... Read more

Published Date: Feb 12, 2026 (2 weeks, 4 days ago)
  • security.nl
Beveiligingslek in Windows Notepad maakt remote code execution mogelijk

Een kwetsbaarheid in Windows Notepad maakt remote code execution (RCE) mogelijk, zo waarschuwt Microsoft. Het techbedrijf kwam gisterenavond met beveiligingsupdates. Het probleem doet zich volgens Mic ... Read more

Published Date: Feb 11, 2026 (2 weeks, 5 days ago)
  • The Register
Notepad's new Markdown powers served with a side of remote code execution

Just months after Microsoft added Markdown support to Notepad, researchers have found the feature can be abused to achieve remote code execution (RCE). Tracked as CVE-2026-20841 (8.8), the vulnerabili ... Read more

Published Date: Feb 11, 2026 (2 weeks, 5 days ago)
  • The Cyber Express
Microsoft Patch Tuesday February Update Flags Exchange and Azure Vulnerabilities as High-Priority Risks

Microsoft Patch Tuesday February 2026 addressed 54 vulnerabilities including six zero-days across Windows, Office, Azure services, Exchange Server, and developer tools. The latest patch update, rollou ... Read more

Published Date: Feb 11, 2026 (2 weeks, 5 days ago)
  • CybersecurityNews
Windows Notepad Vulnerability Allows Attackers to Execute Malicious Code Remotely

Windows Notepad RCE Vulnerability Microsoft has patched a critical remote code execution (RCE) flaw in the Windows Notepad app, tracked as CVE-2026-20841, which could let attackers run malicious code ... Read more

Published Date: Feb 11, 2026 (2 weeks, 5 days ago)
  • Daily CyberSecurity
Billions at Risk: Critical Windows Notepad Flaw Allows Remote Code Execution

It is the quintessential “harmless” application: Windows Notepad. But a newly discovered vulnerability has turned this humble text editor into a potential gateway for hackers. In its February 2026 Pat ... Read more

Published Date: Feb 11, 2026 (2 weeks, 5 days ago)
  • Zero Day Initiative
The February 2026 Security Update Review

I have survived the biggest Pwn2Own ever, but I’m back in Tokyo for the second Patch Tuesday of 2026. My location never stops Patch Tuesday from coming, so let’s take a look at the latest security pat ... Read more

Published Date: Feb 10, 2026 (2 weeks, 6 days ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-20841 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Feb. 25, 2026

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:a:microsoft:windows_notepad:*:*:*:*:*:*:*:* versions up to (excluding) 11.2510
    Added Reference Type Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841 Types: Vendor Advisory
    Added Reference Type CVE: https://news.ycombinator.com/item?id=46971516 Types: Issue Tracking
  • CVE Modified by [email protected]

    Feb. 12, 2026

    Action Type Old Value New Value
    Changed Description Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network. Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.
    Added CVSS V3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Removed CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Feb. 11, 2026

    Action Type Old Value New Value
    Added Reference https://news.ycombinator.com/item?id=46971516
  • New CVE Received by [email protected]

    Feb. 10, 2026

    Action Type Old Value New Value
    Added Description Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Added CWE CWE-77
    Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 8.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact