THE article reports critical vulnerabilities affecting the Notepad++ text editor, highlighting three major flaws that can lead to arbitrary code execution and local denial of service. The vulnerabilities CVE-2026-48800 and CVE-2026-48778 allow attackers to exploit weaknesses in XML file processing to execute arbitrary code, each assigned a high severity CVSS score of 7.8. Another vulnerability, CVE-2026-48770, rated at 5.0, can cause a denial of service due to improper message handling.
Users are urged to upgrade to version 8.9.6.1 or later to mitigate these security risks. Public proof of concept exploit codes are available, increasing the urgency for patching.