Critical Notepad++ Vulnerability Lets Attackers Crash App, Leak Data
Key Takeaways
- A critical vulnerability (CVE-2026-3008) has been discovered in Notepad++, a popular open-source text editor.
- The flaw could allow remote attackers to crash the application or leak sensitive memory address information.
- Notepad++ version 8.9.3 is specifically affected, though earlier versions are also considered vulnerable.
- A patch has been released in version 8.9.4, which also addresses a related vulnerability, CVE-2026-6539.
- All users are urged to update immediately to mitigate the risk.
Notepad++ Hit by Critical Vulnerability Allowing Crashes and Data Leaks
A significant security flaw has been identified in Notepad++, the widely adopted open-source text editor favored by developers and IT professionals globally. This vulnerability, tracked as CVE-2026-3008, poses a risk of application crashes and potential leakage of sensitive memory data from compromised systems.
The core of the issue lies within the Notepad++ FindInFiles feature, specifically a format string injection vulnerability. Researchers pinpointed the flaw to improper handling when the "find-result-hits" field within the nativeLang.xml configuration file contains a "%s" format specifier. When a search runs, this malformed string is processed as a format string rather than as plain text, which triggers the unexpected behavior behind the security weakness.
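The trigger described above, as an added defensive check that is not code from the advisory or from Notepad++ itself: a Python audit that flags printf-style format specifiers in the find-result strings of a nativeLang.xml before a custom localisation file is deployed. The element layout of the sample file, and every tag name in it other than find-result-hits, is assumed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET

# printf-style conversions (%s, %d, %08x, %-5.2f, %n ...). "%%" is tried first
# so an escaped percent sign is consumed and never reported.
FORMAT_SPEC = re.compile(
    r"%%|%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|z)?[diouxXeEfgGcspn]"
)


def find_format_specifiers(value):
    """Return the printf-style conversions in one string, ignoring '%%'."""
    return [m.group(0) for m in FORMAT_SPEC.finditer(value) if m.group(0) != "%%"]


def audit_nativelang(xml_text, tag_prefix="find-result"):
    """Scan every attribute of every element whose tag starts with tag_prefix.

    Returns (tag, attribute, value, specifiers) for each string carrying a
    printf-style conversion. A "%s" in find-result-hits is the trigger
    condition the advisory describes for CVE-2026-3008, so a custom
    nativeLang.xml should be checked before deployment.
    """
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if not elem.tag.startswith(tag_prefix):
            continue
        for attr, value in elem.attrib.items():
            specs = find_format_specifiers(value)
            if specs:
                findings.append((elem.tag, attr, value, specs))
    return findings


# Constructed sample (element layout assumed): one benign entry, one escaped
# percent sign, and one entry carrying the "%s" the advisory names.
SAMPLE_XML = """<NotepadPlus>
  <Native-Langue name="English">
    <MiscStrings>
      <find-result-title value="Search"/>
      <find-result-hit value="(1 hit)"/>
      <find-result-hits value="(%s hits)"/>
      <find-result-progress value="100%% done"/>
    </MiscStrings>
  </Native-Langue>
</NotepadPlus>
"""

if __name__ == "__main__":
    for tag, attr, value, specs in audit_nativelang(SAMPLE_XML):
        print(f"{tag}@{attr}: {value!r} contains {specs}")
```

Run it against a real localisation file by replacing SAMPLE_XML with the file's contents; any finding should be reviewed before the file is installed, since the patched 8.9.4 release handles the parsing but older builds do not.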
Such memory handling defects can be exploited by malicious actors to achieve a denial-of-service (DoS) condition, effectively rendering the application unusable. More critically, the flaw can also disclose memory address information. While seemingly benign on its own, this data can be crucial for an attacker to bypass advanced security measures like Address Space Layout Randomization (ASLR) and facilitate further, more sophisticated attacks.
Alongside CVE-2026-3008, another related vulnerability, CVE-2026-6539, was also addressed in the same security update, indicating a broader set of concerns around the application’s stability and security.
Successful exploitation of these vulnerabilities could severely impact the productivity of developers, system administrators, and cybersecurity analysts who rely on Notepad++ for their daily tasks, potentially disrupting critical workflows.
Affected Versions
The vulnerability specifically impacts Notepad++ version 8.9.3. However, users operating any earlier versions are advised to consider themselves at risk and apply the available patch without delay.
Patch Issued Promptly
In a swift response, Mr. Hazley Samsudin, the Notepad++ Product Owner, released version 8.9.4. This update directly resolves both CVE-2026-3008 and CVE-2026-6539. The fix specifically targets the crash behavior observed in the FindInFiles functionality, rectifying the improper parsing of format strings from the nativeLang.xml file.
Further technical details regarding the patch are publicly available on the official Notepad++ GitHub repository under issue #17960 and the official Notepad++ download page for v8.9.4.
What You Should Do
Given the potential for disruption and data leakage, the Cyber Security Agency of Singapore (CSA) strongly advises all users and administrators to take immediate action:
- Update to Notepad++ version 8.9.4: Obtain the latest version from the official Notepad++ website or utilize the application’s built-in update mechanism.
- Verify Installer Integrity: Always check the integrity of downloaded installers using official checksums to prevent supply chain attacks.
- Monitor for Anomalies: Keep an eye on systems for any unusual application behavior that might indicate previous exploitation attempts.
Organizations should integrate this update into their standard patch management cycles with high priority, especially considering the widespread use of Notepad++ in development and IT environments. Users with custom nativeLang.xml configurations are particularly urged to apply the fix immediately to safeguard against potential vulnerabilities.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.