CVE-2026-20841
Windows Notepad App Remote Code Execution Vulnerability
Description
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.
INFO
Published Date :
Feb. 10, 2026, 6:16 p.m.
Last Modified :
Feb. 25, 2026, 2:32 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
Affected Products
The following products are affected by CVE-2026-20841
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] | ||||
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Update Windows Notepad to the latest version.
- Apply security patches for the operating system.
- Review and sanitize all user inputs for commands.
- Restrict network access for Notepad processes.
Public PoC/Exploit Available at Github
CVE-2026-20841 has a 24 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-20841.
| URL | Resource |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841 | Vendor Advisory |
| https://news.ycombinator.com/item?id=46971516 | Issue Tracking |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-20841 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-20841
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
Added a small script, I'm a newbie, please don't be mad at me ^~^
Python
🛠 Demonstrate remote code execution in Windows Notepad versions below 11.2510 using the CVE-2026-20841 proof of concept.
agent chinese cv cve-2016-0856 cve-2026-20841 deep-learning ethereum hacktoberfest llm mxnet notepad obfuscation php-obfuscator pose-estimation python rag semantic-segmentation sybil-resistance testnet-faucet web3
Joplin Remote Code Execution
None
Proof of Concept for CVE-2026-20841
Batchfile
PoC for a remote code execution flaw in Windows Notepad's markdown renderer. The markdown engine does not restrict URL protocols, allowing arbitrary protocol handlers to be triggered via clickable links
2026 command-injection cve cve-2026-20841 exploit notepad windows-notepad notepad-exoploit notepad-vulnerability securewithumer
CVE-2026-20841
microsoft notepad poc cve-2026-20841
None
Python VBScript JavaScript
None
Python
None
PoC for the "Windows Notepad RCE"
JavaScript Python VBScript
CVE-2026-20841 - Windows notepad.exe RCE
PoC
A lightweight, secure text editor built in Python/CustomTkinter.
Python Batchfile
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-20841 vulnerability anywhere in the article.
-
CybersecurityNews
PoC Released for Windows Notepad Vulnerability that Enables Malicious Command Execution
Microsoft has patched a high-severity remote code execution (RCE) vulnerability in the modern Windows Notepad application, tracked as CVE-2026-20841, as part of its February 2026 Patch Tuesday release ... Read more
-
Zero Day Initiative
CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad
A remote code execution vulnerability has been reported in Microsoft Windows Notepad. The vulnerability is due to improper validation of links in Markdown files. A remote attacker could exploit this v ... Read more
-
CybersecurityNews
Windows 11 KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop
Windows 11 KB5077181 Security Update Microsoft’s February 10, 2026, security update KB5077181 for Windows 11 versions 24H2 (build 26200.7840) and 25H2 (build 26100.7840) has triggered widespread repor ... Read more
-
Help Net Security
Week in review: Exploited newly patched BeyondTrust RCE, United Airlines CISO on building resilience
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: United Airlines CISO on building resilience when disruption is inevitable In this Help Net Security in ... Read more
-
Help Net Security
Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)
Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. “Attackers are abusing get_port ... Read more
-
Help Net Security
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be exploited by attackers to achie ... Read more
-
The Hacker News
ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories
Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted too ... Read more
-
reddit.com
Microsoft's Notepad Got Pwned (CVE-2026-20841)
Let us know your cookie preferences Reddit uses cookies and similar technologies to: Keep the website operational and running properly Prevent fraud and abuse Monitor site usage and performance metric ... Read more
-
security.nl
Beveiligingslek in Windows Notepad maakt remote code execution mogelijk
Een kwetsbaarheid in Windows Notepad maakt remote code execution (RCE) mogelijk, zo waarschuwt Microsoft. Het techbedrijf kwam gisterenavond met beveiligingsupdates. Het probleem doet zich volgens Mic ... Read more
-
The Register
Notepad's new Markdown powers served with a side of remote code execution
Just months after Microsoft added Markdown support to Notepad, researchers have found the feature can be abused to achieve remote code execution (RCE). Tracked as CVE-2026-20841 (8.8), the vulnerabili ... Read more
-
The Cyber Express
Microsoft Patch Tuesday February Update Flags Exchange and Azure Vulnerabilities as High-Priority Risks
Microsoft Patch Tuesday February 2026 addressed 54 vulnerabilities including six zero-days across Windows, Office, Azure services, Exchange Server, and developer tools. The latest patch update, rollou ... Read more
-
CybersecurityNews
Windows Notepad Vulnerability Allows Attackers to Execute Malicious Code Remotely
Windows Notepad RCE Vulnerability Microsoft has patched a critical remote code execution (RCE) flaw in the Windows Notepad app, tracked as CVE-2026-20841, which could let attackers run malicious code ... Read more
-
Daily CyberSecurity
Billions at Risk: Critical Windows Notepad Flaw Allows Remote Code Execution
It is the quintessential “harmless” application: Windows Notepad. But a newly discovered vulnerability has turned this humble text editor into a potential gateway for hackers. In its February 2026 Pat ... Read more
-
Zero Day Initiative
The February 2026 Security Update Review
I have survived the biggest Pwn2Own ever, but I’m back in Tokyo for the second Patch Tuesday of 2026. My location never stops Patch Tuesday from coming, so let’s take a look at the latest security pat ... Read more
The following table lists the changes that have been made to the
CVE-2026-20841 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Feb. 25, 2026
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:microsoft:windows_notepad:*:*:*:*:*:*:*:* versions up to (excluding) 11.2510 Added Reference Type Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841 Types: Vendor Advisory Added Reference Type CVE: https://news.ycombinator.com/item?id=46971516 Types: Issue Tracking -
CVE Modified by [email protected]
Feb. 12, 2026
Action Type Old Value New Value Changed Description Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network. Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally. Added CVSS V3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Removed CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Feb. 11, 2026
Action Type Old Value New Value Added Reference https://news.ycombinator.com/item?id=46971516 -
New CVE Received by [email protected]
Feb. 10, 2026
Action Type Old Value New Value Added Description Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Added CWE CWE-77 Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841