CVE-2026-3008 | EUVD-2026-25775

Severity: MEDIUM (CVSS 3.1: 6.6)
Weakness: Use of Externally-Controlled Format String (CWE-134)
2026-04-27 CSA
CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: High

Lifecycle Timeline

8 events

Apr 27, 2026 - 18:57 (vuln.today): PoC Detected. Public exploit code
Apr 27, 2026 - 10:22 (NVD): Severity Changed. CRITICAL → MEDIUM
Apr 27, 2026 - 10:22 (NVD): CVSS changed. 10.0 (CRITICAL) → 6.6 (MEDIUM)
Apr 27, 2026 - 09:00 (vuln.today): Analysis Generated
Apr 27, 2026 - 07:22 (NVD): CVSS changed. 10.0 (CRITICAL)
Apr 27, 2026 - 06:30 (euvd): EUVD ID Assigned. EUVD-2026-25775
Apr 27, 2026 - 06:30 (vuln.today): Analysis Generated
Apr 27, 2026 - 06:04 (nvd): CVE Published. MEDIUM 6.6

Description (NVD)

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.

Analysis (AI)

String injection in Notepad++ 8.9.3 leads to memory address disclosure or an application crash when processing maliciously crafted input. Attackers can leverage this remotely without authentication (CVSS 4.0 score 10.0, AV:N/PR:N), though the desktop application context suggests user interaction is required despite UI:N in the vector. …

Remediation (AI)

Within 24 hours: Advise users to avoid opening untrusted Notepad++ files and disable auto-open features if available.
Within 7 days: Upgrade all Notepad++ installations to version 8.9.4 release candidate or later when a stable release is available; verify deployment via inventory scan. …