Skip to main content

Notepad3

3 CVEs product

Monthly

CVE-2026-38972 HIGH This Week

Local code execution in Notepad3 (versions through 6.25.822.1) arises from an insecure LoadLibrary(L"MSFTEDIT.DLL") call in the About-dialog path within src/Notepad3.c. Because the DLL is loaded by bare name, an attacker who can drop a malicious MSFTEDIT.DLL into the application directory or an earlier search-order location runs arbitrary code as the current user once that user opens the About dialog. No public exploit identified at time of analysis, and EPSS is low at 0.18% (8th percentile), consistent with a local, user-interaction-dependent flaw rather than a mass-exploitation target.

RCE Notepad3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-4744 CRITICAL PATCH Act Now

Out-of-bounds read vulnerability in Notepad3's Oniguruma regex engine (regcomp.C) allows local attackers with user interaction to trigger memory disclosure or potential code execution with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions before 6.25.714.1 and has a critical CVSS score of 9.3. A patch is available and users should update immediately.

Buffer Overflow Information Disclosure Notepad3
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2024-1188 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Notepad3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH This Week

Local code execution in Notepad3 (versions through 6.25.822.1) arises from an insecure LoadLibrary(L"MSFTEDIT.DLL") call in the About-dialog path within src/Notepad3.c. Because the DLL is loaded by bare name, an attacker who can drop a malicious MSFTEDIT.DLL into the application directory or an earlier search-order location runs arbitrary code as the current user once that user opens the About dialog. No public exploit identified at time of analysis, and EPSS is low at 0.18% (8th percentile), consistent with a local, user-interaction-dependent flaw rather than a mass-exploitation target.

RCE Notepad3
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Out-of-bounds read vulnerability in Notepad3's Oniguruma regex engine (regcomp.C) allows local attackers with user interaction to trigger memory disclosure or potential code execution with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions before 6.25.714.1 and has a critical CVSS score of 9.3. A patch is available and users should update immediately.

Buffer Overflow Information Disclosure Notepad3
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Notepad3
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy