CVE-2026-38972
Notepad3 DLL Search Order Hijacking
Description
Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or another preferred DLL search location and achieve arbitrary code execution in the context of the user when the About dialog is opened.
INFO
Published Date: July 2, 2026, midnight
Last Modified: July 2, 2026, 8:48 p.m.
Remotely Exploit: No
Source: mitre
Affected Products
The following products are affected by the CVE-2026-38972 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
No affected product recorded yet
Solution
- Update Notepad3 to the latest version available.
- Ensure DLLs are loaded using full paths.
- Remove malicious DLLs from application directories.
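The "full paths" item above, sketched in C as an added example; this is not Notepad3's actual patch. The helper names `build_system_dll_path` and `load_system_dll` are hypothetical, and the sketch assumes the intended MSFTEDIT.DLL is the copy in the Windows system directory.

```c
#include <stddef.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Added example, hypothetical helper names; not code from the Notepad3 project. */

/* 1 if name is a bare file name: non-empty, no drive, directory or separator. */
static int is_bare_dll_name(const wchar_t *name) {
    return name && *name && wcspbrk(name, L"\\/:") == NULL;
}

/* Writes "<sysdir>\<name>" into out (cap counted in wchar_t).
 * Returns 0 on success, -1 on bad input or if the result would be truncated. */
int build_system_dll_path(const wchar_t *sysdir, const wchar_t *name,
                          wchar_t *out, size_t cap) {
    size_t dlen, nlen;
    if (!sysdir || !out || !is_bare_dll_name(name)) return -1;
    dlen = wcslen(sysdir);
    nlen = wcslen(name);
    if (dlen == 0 || dlen + 1 + nlen + 1 > cap) return -1;
    wmemcpy(out, sysdir, dlen);
    out[dlen] = L'\\';
    wmemcpy(out + dlen + 1, name, nlen + 1); /* copies the terminator too */
    return 0;
}

#ifdef _WIN32
/* Pattern described in the advisory (vulnerable):
 *     LoadLibrary(L"MSFTEDIT.DLL");
 * A bare name is resolved through the DLL search order, which checks the
 * application directory before the system directory.
 *
 * Hardened form: resolve the system directory at run time, load by full path,
 * and restrict the search for the DLL's own dependencies to System32. */
HMODULE load_system_dll(const wchar_t *name) {
    wchar_t sysdir[MAX_PATH], full[MAX_PATH];
    UINT n = GetSystemDirectoryW(sysdir, MAX_PATH);
    if (n == 0 || n >= MAX_PATH) return NULL;
    if (build_system_dll_path(sysdir, name, full, MAX_PATH) != 0) return NULL;
    return LoadLibraryExW(full, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
}
#endif
```

The path-building helper is portable so it can be unit-tested anywhere; the `load_system_dll` wrapper compiles only on Windows.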