CVE-2026-2538
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Flos Freeware Notepad2 versions 4.2.22 through 4.2.25 contain an uncontrolled search path vulnerability in Msimg32.dll that allows local attackers with user-level privileges to achieve code execution and system compromise. Exploitation requires high complexity and local access, but successful attacks can result in complete system confidentiality, integrity, and availability breaches. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all systems running Notepad2 versions 4.2.22-4.2.25 across the organization. Within 7 days: Isolate or restrict usage of affected versions to non-critical functions, communicate findings to end users, and implement compensating controls. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today