CVE-2026-48800 | Notepad++ up to 8.9.6 NppXml::value Parameters.cpp UserCommand os command injection (GHSA-3x3f-3j39-pj3v)

A vulnerability classified as critical was found in Notepad++ up to 8.9.6. This impacts the function UserCommand of the file Parameters.cpp of the component NppXml::value. Such manipulation leads to os command injection.

This vulnerability is listed as CVE-2026-48800. The attack must be carried out locally. In addition, an exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More