VDB
CVE-2026-20841
CVE-2026-20841
PUBLISHED
CVSS 7.800000190734863 HIGH
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.
EPSS 0.11% · 29.5th percentile
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
EPSS Score
0.11%
29.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Notepad | 11.0.0 |
| n/a | libjpeg-turbo | * |
| microsoft | windows_notepad | 0, 0, 0 |
| microsoft | window_notepad | 11.0.0 |
Exploit Intelligence
- CVE-2026-20841 (github-poc-repo)
- CVE-2026-20841 (github-poc-repo)
- CVE-2026-20841 (github-poc-repo)
- CVE-2026-20841 (github-poc-repo)
- CVE-2026-20841 (github-poc-repo)
- CVE-2026-20841 (github-poc-repo)
- CVE-2026-20841 (github-poc-repo)
- CVE-2026-20841 (github-poc-repo)
- CVE-2026-20841 (github-poc-repo)
- CVE-2026-20841 (github-poc-repo)
…and 920 more exploits
Timeline
- Jun 9, 2023 PoC Published
- Jul 15, 2023 PoC Published
- Oct 5, 2023 PoC Published
- Nov 4, 2023 PoC Published
- Dec 8, 2023 PoC Published
- Mar 1, 2024 PoC Published
- Apr 5, 2024 PoC Published
- Jul 17, 2024 PoC Published
- Apr 28, 2025 PoC Published
- May 9, 2025 PoC Published
- Sep 30, 2025 PoC Published
- Oct 11, 2025 PoC Published
References
- Windows Notepad App Remote Code Execution Vulnerability vendor-advisory
- https://news.ycombinator.com/item?id=46971516 url
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21251 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21231 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20846 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21247 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21238 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21241 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21244 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21243 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21245 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21232 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21235 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21248 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21234 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21517 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21250 advisory
…and 22 more