Skip to main content

Notepad2

2 CVEs product

Monthly

CVE-2026-4546 HIGH This Week

DLL hijacking in Flos Freeware Notepad2 4.2.25 enables local privilege escalation when an attacker with low-privilege access can place a malicious TextShaping.dll in the application's search path, achieving high confidentiality, integrity, and availability impact. Exploitation requires high attack complexity and is considered difficult per vendor assessment. No public exploit identified at time of analysis, with EPSS score of 0.01% indicating minimal observed exploitation activity. Vendor unresponsive to disclosure, leaving patch status uncertain.

Information Disclosure Notepad2
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-4545 HIGH This Week

DLL hijacking in Notepad2 4.2.25 allows local attackers with low privileges to achieve code execution by exploiting an uncontrolled search path vulnerability in PROPSYS.dll loading. The attack vector requires local access with high complexity (CVSS 7.3, CVSS v4.0), classified as difficult to exploit by the reporting source (VulDB). EPSS score of 0.01% (1st percentile) indicates minimal observed exploitation activity, and no active exploitation or public POC has been confirmed. Vendor (Flos Freeware) did not respond to coordinated disclosure, leaving patch status uncertain.

Information Disclosure Notepad2
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
EPSS 0% CVSS 7.3
HIGH This Week

DLL hijacking in Flos Freeware Notepad2 4.2.25 enables local privilege escalation when an attacker with low-privilege access can place a malicious TextShaping.dll in the application's search path, achieving high confidentiality, integrity, and availability impact. Exploitation requires high attack complexity and is considered difficult per vendor assessment. No public exploit identified at time of analysis, with EPSS score of 0.01% indicating minimal observed exploitation activity. Vendor unresponsive to disclosure, leaving patch status uncertain.

Information Disclosure Notepad2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

DLL hijacking in Notepad2 4.2.25 allows local attackers with low privileges to achieve code execution by exploiting an uncontrolled search path vulnerability in PROPSYS.dll loading. The attack vector requires local access with high complexity (CVSS 7.3, CVSS v4.0), classified as difficult to exploit by the reporting source (VulDB). EPSS score of 0.01% (1st percentile) indicates minimal observed exploitation activity, and no active exploitation or public POC has been confirmed. Vendor (Flos Freeware) did not respond to coordinated disclosure, leaving patch status uncertain.

Information Disclosure Notepad2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy