0.0
NA
CVE-2026-38972
Notepad3 DLL Search Order Hijacking
Description

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or another preferred DLL search location and achieve arbitrary code execution in the context of the user when the About dialog is opened.

INFO

Published Date: July 2, 2026, midnight
Last Modified: July 2, 2026, 8:48 p.m.
Remotely Exploitable: No
Source: mitre

Affected Products

The following products are affected by the CVE-2026-38972 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recorded yet

Solution
Update Notepad3 to a version that properly handles DLL loading to prevent hijacking.
  • Update Notepad3 to the latest version available.
  • Ensure DLLs are loaded using full paths.
  • Remove malicious DLLs from application directories.
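
An audit for the last bullet, as an added example that is not part of the original advisory or of the Notepad3 project: it lists DLLs in an application directory that carry the name from the description (MSFTEDIT.DLL) or the name of any DLL in the system directory, and says whether their bytes differ from the system copy. The function names, both directory arguments and the sample files are assumptions constructed for illustration; a hit is a file to review, since some applications ship their own copies on purpose.

```python
import hashlib
from pathlib import Path

# Name taken from the advisory text; extend with other bare-name loads you know of.
WATCHED = {"msftedit.dll"}

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def find_shadowing_dlls(app_dir, system_dir, watched=WATCHED):
    """List DLLs in app_dir that share a name with a watched or system DLL.
    The default search order checks the application directory before the
    system directory, so such a file is what a bare-name load picks up."""
    app_dir, system_dir = Path(app_dir), Path(system_dir)
    if app_dir.resolve() == system_dir.resolve():
        return []  # the system directory cannot shadow itself
    # Windows file names are case-insensitive, so compare lowercased names.
    system = {p.name.lower(): p for p in system_dir.iterdir() if p.is_file()}
    findings = []
    for p in sorted(app_dir.iterdir()):
        name = p.name.lower()
        if not p.is_file() or not name.endswith(".dll"):
            continue
        if name not in watched and name not in system:
            continue  # a DLL only this application uses
        ref = system.get(name)
        findings.append({
            "path": str(p),
            "name": name,
            "sha256": sha256(p),
            "watched": name in watched,
            # True: same bytes as system copy, False: differs, None: no system copy
            "matches_system": None if ref is None else sha256(ref) == sha256(p),
        })
    return findings

if __name__ == "__main__":
    import tempfile
    # Constructed sample layout: a stand-in install directory and system directory.
    with tempfile.TemporaryDirectory() as tmp:
        app, sysdir = Path(tmp, "Notepad3"), Path(tmp, "System32")
        app.mkdir(); sysdir.mkdir()
        (sysdir / "msftedit.dll").write_bytes(b"genuine")
        (app / "MSFTEDIT.DLL").write_bytes(b"planted")
        (app / "appown.dll").write_bytes(b"app-own")
        for finding in find_shadowing_dlls(app, sysdir):
            print(finding)
```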
