What is the CVSS score of CVE-2026-25926?

CVE-2026-25926 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Windows are affected by CVE-2026-25926?

Notepad++ versions before 8.9.2 contain a privilege escalation vulnerability that allows attackers to execute arbitrary code by exploiting unsafe file search paths during Windows Explorer operations.

Is there a public PoC exploit available for CVE-2026-25926?

Yes, a public proof-of-concept exploit is available for CVE-2026-25926. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-25926?

Within 24 hours: Inventory all Notepad++ installations across the organization and identify systems running versions prior to 8.9.2. Within 7 days: Restrict Notepad++ usage to trusted, air-gapped development environments until mitigation is implemented; disable Windows Explorer integration in Notepad++ settings where feasible. Within 30 days: Implement application whitelisting policies to prevent Notepad++ execution in non-essential business units; establish a process to deploy patched versions immediately upon vendor release; consider transitioning to alternative editors with stronger security baselines.

Windows CVE-2026-25926

HIGH

Untrusted Search Path (CWE-426)

2026-02-19 security-advisories@github.com

Windows

7.3

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.3 HIGH

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:03 vuln.today

PoC Detected

Feb 19, 2026 - 18:32 vuln.today

Public exploit code

CVE Published

Feb 19, 2026 - 00:16 nvd

HIGH 7.3

DescriptionGitHub Advisory

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability (CWE-426) exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process working directory. Under certain conditions, this could lead to arbitrary code execution in the context of the running application. Version 8.9.2 patches the issue.

AnalysisAI

Notepad++ versions before 8.9.2 allow local code execution through an unsafe search path vulnerability that permits attackers to hijack the Windows Explorer executable if they control the process working directory. A user with local access running the affected application could be tricked into executing a malicious explorer.exe, leading to arbitrary code execution with application privileges. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Place malicious explorer.exe in attacker-controlled directory

Exploit

User launches Windows Explorer from Notepad++

Execution

System searches current working directory first

Impact

Execute malicious explorer.exe with Notepad++ privileges

Access

Place malicious explorer.exe in attacker-controlled directory

Exploit

User launches Windows Explorer from Notepad++

Execution

System searches current working directory first

Impact

Execute malicious explorer.exe with Notepad++ privileges

Vulnerability AssessmentAI

Exploitation	Notepad++ versions prior to 8.9.2 with Windows Explorer launch feature; attacker must control process working directory (e.g., shared folder, user-writable location); user interaction required to trigger Explorer launch via UI. Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.3 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker could exploit this vulnerability to execution of a malicious explorer.
Remediation	Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Notepad++ installations across the organization and identify systems running versions prior to 8.9.2. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-12440 CRITICAL Act Now

9.6 Jun 17

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to po

CVE-2026-12466 HIGH This Week

8.8 Jun 17

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute

CVE-2026-12437 HIGH This Week

8.3 Jun 17

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had comprom

CVE-2026-12449 HIGH This Week

7.8 Jun 17

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-

CVE-2026-12461 MEDIUM This Month

6.5 Jun 17

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain pot

CVE-2026-25926 vulnerability details – vuln.today

Back

Windows CVE-2026-25926

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code