Skip to main content

Notepad2 CVE-2026-4545

| EUVDEUVD-2026-14299 HIGH
Uncontrolled Search Path Element (CWE-427)
2026-03-22 VulDB
7.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Apr 30, 2026 - 14:43 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 30, 2026 - 14:37 vuln.today
cvss_changed
CVSS changed
Apr 30, 2026 - 14:37 NVD
7.0 (HIGH) 7.3 (HIGH)
EUVD ID Assigned
Mar 22, 2026 - 11:30 euvd
EUVD-2026-14299
Analysis Generated
Mar 22, 2026 - 11:30 vuln.today
CVE Published
Mar 22, 2026 - 11:20 nvd
HIGH 7.0

DescriptionCVE.org

A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The attack is only possible with local access. The attack is considered to have high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

DLL hijacking in Notepad2 4.2.25 allows local attackers with low privileges to achieve code execution by exploiting an uncontrolled search path vulnerability in PROPSYS.dll loading. The attack vector requires local access with high complexity (CVSS 7.3, CVSS v4.0), classified as difficult to exploit by the reporting source (VulDB). EPSS score of 0.01% (1st percentile) indicates minimal observed exploitation activity, and no active exploitation or public POC has been confirmed. Vendor (Flos Freeware) did not respond to coordinated disclosure, leaving patch status uncertain.

Technical ContextAI

This vulnerability exploits CWE-427 (Uncontrolled Search Path Element), commonly known as DLL hijacking or DLL preloading. When Notepad2 4.2.25 loads the Windows system library PROPSYS.dll (Windows Property System), it searches directories in an unsafe order, potentially loading a malicious DLL from a user-writable location before the legitimate system library. PROPSYS.dll provides property schema functionality for Windows file metadata. The affected product is Flos Freeware Notepad2, a lightweight text editor fork, identified by CPE cpe:2.3:a:flos_freeware:notepad2:*:*:*:*:*:*:*:*. The CVSS vector indicates local attack vector (AV:L), high complexity (AC:H), low privileges required (PR:L), and high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H) with no scope change.

RemediationAI

No official vendor patch has been released, as Flos Freeware did not respond to vulnerability disclosure (per VulDB submission 774752). Users of Notepad2 4.2.25 should consider these compensating controls: First, upgrade to a maintained alternative text editor such as Notepad++ or the original Notepad2-mod fork, which has active maintenance. Second, if continued use is required, restrict application deployment to non-privileged user contexts and implement application whitelisting to prevent unauthorized DLL loading from user-writable directories (e.g., using Windows Defender Application Control or AppLocker policies blocking DLL loads outside System32/SysWOW64). Third, apply principle of least privilege by ensuring users running Notepad2 have minimal filesystem write permissions, particularly to the application directory and current working directory. Note that DLL hijacking mitigations may cause application instability if the application legitimately loads plugins or extensions from user directories. Monitor vendor channels (if they resume communication) for future security updates, though the lack of response suggests this may be an abandoned project. For detailed technical analysis, refer to VulDB entry 352372 at https://vuldb.com/?id.352372.

Share

CVE-2026-4545 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy