Notepad++ Vulnerabilities Enable PowerShell Command Injection
Key Takeaways Notepad++ version 8.9.7 has been released, addressing multiple critical security vulnerabilities. The most severe flaw is a PowerShell command injection during installation, potentially...
Key Takeaways
- Notepad++ version 8.9.7 has been released, addressing multiple critical security vulnerabilities.
- The most severe flaw is a PowerShell command injection during installation, potentially leading to arbitrary code execution.
- Other vulnerabilities include path traversal, buffer overflow, and authentication bypass issues.
- Users are strongly advised to update immediately to mitigate these risks.
Critical Vulnerabilities Patched in Notepad++ v8.9.7
A new version of the popular Windows text editor, Notepad++, has been released, incorporating vital security fixes for several vulnerabilities. Version 8.9.7 specifically tackles a high-severity PowerShell command injection flaw that could facilitate arbitrary code execution during the software’s installation process.
Table Of Content
This update resolves a total of five distinct security issues, encompassing weaknesses related to path traversal, buffer overflow conditions, and authentication bypasses. The comprehensive patches aim to bolster the security posture of Notepad++, a tool widely adopted by developers and power users globally.
Installer-Based PowerShell Command Injection
The most significant vulnerability addressed in this release is an install-time PowerShell command injection. This flaw stems from improper handling of PowerShell commands within the Notepad++ installer, which could allow malicious actors to manipulate the execution flow and inject arbitrary commands onto a target system.
Such an exploit could be initiated through various attack vectors, including the distribution of tampered installation packages or the execution of social engineering campaigns. A successful exploit could result in a complete compromise of the affected system.
Notepad++ developers have now enhanced the robustness of PowerShell command processing within the installer, effectively mitigating the risk of unauthorized command execution and injection attacks.
Additional Critical Vulnerabilities
Beyond the PowerShell injection issue, Notepad++ v8.9.7 also patches several other significant vulnerabilities impacting various components of the application:
- CVE-2026-54758: Stack Buffer Overflow: A stack buffer overflow identified in the
expandNppEnvironmentStrsfunction could lead to memory corruption and potentially remote code execution. - CVE-2026-57233: Zip Slip (Path Traversal): The updater component, WinGUp, contained a Zip Slip vulnerability. This path traversal flaw could allow attackers to overwrite arbitrary files on a system during the extraction of update packages.
- CVE-2026-52886: Session Handling Flaw: A vulnerability in session management allowed for bypassing path validation by manipulating entries within the
session.xmlfile. - Unassigned CVE: Macro Integrity Bypass: A flaw in
shortcuts.xmlenabled bypassing macro integrity checks. This could permit the unauthorized execution of macros without proper HMAC verification. - Unassigned CVE: PowerShell Command Injection: As detailed above, an installer-level PowerShell command injection could lead to arbitrary command execution.
These vulnerabilities underscore the importance of securing local configuration files and update mechanisms, as they can frequently be exploited as attack vectors if not rigorously protected.
Additional Fixes and Enhancements
Alongside security patches, Notepad++ v8.9.7 introduces a range of stability improvements and user-requested features. Notable updates include:
- The “Folder as Workspace” feature now retains its expand/collapse state.
- Incremental Search has been enhanced with new indicators for count and nth-position.
- Various bug fixes address application crashes, UI glitches, and issues with high-DPI scaling.
- The update also incorporates upgrades to core libraries, including Scintilla 5.6.4, Lexilla 5.5.1, and pugixml 1.16.
Further bug resolutions target inconsistencies in file handling, freezes related to symbolic links, and performance issues within search functionalities.
What You Should Do
- Update Immediately: All users, especially those in enterprise or development environments, should update to Notepad++ v8.9.7 without delay. This is crucial for systems that interact with untrusted files or are integrated into automated workflows.
- Verify Download Sources: Always download software installers from official, trusted sources to prevent falling victim to tampered packages.
- Enable Auto-Updates: While the auto-updater will deploy this version within two weeks if no regressions are found, manual updates are recommended for immediate protection.
- Practice Caution: Be vigilant against social engineering tactics that might trick you into installing compromised software.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.