Severity by source
AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN).
AnalysisAI
Stack-based buffer overflow in Notepad++ 8.9.3 file drop handler allows local authenticated users to cause application crash and potentially execute code by dragging and dropping a directory path of exactly 259 characters without a trailing backslash, triggering unbounded buffer write via automatic backslash and null terminator appending. CVSS 6.0 (High) reflects local attack vector and high complexity; no public exploit code or active KEV status identified, but upstream fix is confirmed available.
Technical ContextAI
The vulnerability exists in Notepad++'s drag-and-drop file handler, which processes directory paths without proper bounds validation before appending path separators and null terminators to a fixed-size stack buffer. The 259-character path length represents a critical boundary condition-likely related to MAX_PATH (260 on Windows) minus one-where the automatic appending of a backslash and null terminator exceeds the buffer's allocated size. This is a classic stack-based buffer overflow (CWE-121: Stack-based Buffer Overflow). The Notepad++ project CPE indicates all versions in the 8.x series are potentially affected, though the issue is specifically confirmed in 8.9.3. The vulnerability requires user interaction (drag-and-drop UI action) and local system access, limiting remote exploitation potential.
RemediationAI
Users should upgrade to a patched version released after commit bfe7514d68bc559534c046c4ef2d1865267aa2b0 (available at https://github.com/notepad-plus-plus/notepad-plus-plus/pull/17930). The exact patched release version is not explicitly confirmed in the provided data, but the pull request and commit indicate the fix is integrated upstream; check the official Notepad++ releases page for the earliest version incorporating this commit (typically the next minor or patch release after 8.9.3). As a workaround, avoid dragging and dropping directory paths longer than 257 characters into Notepad++, or ensure paths include a trailing backslash. Administrators managing shared systems should deploy the patched version as soon as it becomes generally available.
Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Ev
Notepad++ versions prior to 8.8.9 contain an update integrity verification vulnerability (CVE-2025-15556) when using the
An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msim
Notepad++ is a free and open-source source code editor. Rated high severity (CVSS 7.8), this vulnerability is no authent
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (Ux
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode ch
String injection in Notepad++ 8.9.3 leads to memory address disclosure or application crash when processing maliciously
Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). Rated medium severity (CVSS
Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authe
Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authe
Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authe
A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. Rated medium severity (CVSS 5.5
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21334
GHSA-8hrp-2fqv-gvrx