CVE-2026-52884 | notepad-plus-plus Notepad++ 8.9.6.1 RunDlg.cpp isInTrustedDirectory path equivalence (GHSA-p58x-r3c9-x9p6)
A vulnerability categorized as critical has been discovered in notepad-plus-plus Notepad++ 8.9.6.1. This impacts the function isInTrustedDirectory of the file RunDlg.cpp. Such manipulation leads to path equivalence: ‘filename.’ (trailing dot).
This vulnerability is listed as CVE-2026-52884. The attack may be performed from remote. There is no available exploit.
It is advisable to upgrade the affected component.VulDB Recent EntriesRead More