Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:N/AU:N/R:U/V:D/RE:L/U:Amber
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:N/AU:N/R:U/V:D/RE:L/U:Amber
Lifecycle Timeline
4DescriptionCVE.org
Out-of-bounds Read vulnerability in rizonesoft Notepad3 (scintilla/oniguruma/src modules). This vulnerability is associated with program files regcomp.C.
This issue affects Notepad3: before 6.25.714.1.
AnalysisAI
Out-of-bounds read vulnerability in Notepad3's Oniguruma regex engine (regcomp.C) allows local attackers with user interaction to trigger memory disclosure or potential code execution with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions before 6.25.714.1 and has a critical CVSS score of 9.3. A patch is available and users should update immediately.
Technical ContextAI
The vulnerability resides in the Oniguruma regular expression library (cpe:2.3:a:rizonesoft:notepad3), which is integrated into Notepad3's text processing engine via the scintilla module. The root cause is classified as CWE-125 (Out-of-Bounds Read), a memory safety issue where the regcomp.c component fails to properly validate buffer boundaries during regular expression compilation or pattern matching operations. This type of vulnerability in regex engines typically occurs when the parser processes malformed or specially crafted regex patterns without adequate length checks, allowing reads into adjacent memory regions. The scintilla editing component's reliance on Oniguruma for syntax highlighting and pattern matching makes this a direct attack surface when users open or process untrusted documents containing malicious regex patterns.
RemediationAI
Immediately upgrade Notepad3 to version 6.25.714.1 or later, which includes the patch for this out-of-bounds read vulnerability. Download the latest release from the official Notepad3 GitHub repository (https://github.com/rizonesoft/Notepad3) or through your organization's software distribution mechanism. Until patching is possible in legacy environments, users should avoid opening untrusted documents or files that may contain malicious regular expression patterns, and administrators can restrict Notepad3 usage through endpoint controls if necessary. Additionally, ensure that any automated document processing or syntax highlighting workflows that rely on Notepad3 are updated to the patched version to prevent potential information disclosure incidents.
A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Rated medium severity
Local code execution in Notepad3 (versions through 6.25.822.1) arises from an insecure LoadLibrary(L"MSFTEDIT.DLL") call
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14702
GHSA-wfh3-g987-f73h