How to fix CVE-2026-25926?

Within 24 hours: Inventory all Notepad++ installations across the organization and identify systems running versions prior to 8.9.2. Within 7 days: Restrict Notepad++ usage to trusted, air-gapped development environments until mitigation is implemented; disable Windows Explorer integration in Notepad++ settings where feasible. Within 30 days: Implement application whitelisting policies to prevent Notepad++ execution in non-essential business units; establish a process to deploy patched versions immediately upon vendor release; consider transitioning to alternative editors with stronger security baselines.

Is Windows affected by CVE-2026-25926?

Notepad++ versions before 8.9.2 contain a privilege escalation vulnerability that allows attackers to execute arbitrary code by exploiting unsafe file search paths during Windows Explorer operations.

CVE-2026-25926

HIGH

2026-02-19 [email protected]

7.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:03 vuln.today

PoC Detected

Feb 19, 2026 - 18:32 vuln.today

Public exploit code

CVE Published

Feb 19, 2026 - 00:16 nvd

HIGH 7.3

Description

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability (CWE-426) exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process working directory. Under certain conditions, this could lead to arbitrary code execution in the context of the running application. Version 8.9.2 patches the issue.

Analysis

Notepad++ versions before 8.9.2 allow local code execution through an unsafe search path vulnerability that permits attackers to hijack the Windows Explorer executable if they control the process working directory. A user with local access running the affected application could be tricked into executing a malicious explorer.exe, leading to arbitrary code execution with application privileges. …

Remediation

Within 24 hours: Inventory all Notepad++ installations across the organization and identify systems running versions prior to 8.9.2. Within 7 days: Restrict Notepad++ usage to trusted, air-gapped development environments until mitigation is implemented; disable Windows Explorer integration in Notepad++ settings where feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: +20

CVE-2026-25926 vulnerability details – vuln.today

Back

CVE-2026-25926

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-25926

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code