Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
FortiBleed Vulnerability Exploited by INC and Lynx Ransomware to Steal Passwords
July 2, 2026
WhatsApp Username Reservations Raise Security Concerns for 2 Billion Users
July 2, 2026
Alleged Scattered Spider Member Extradited to US for 100+ Network Hacks
July 2, 2026
Home/CyberSecurity News/Notepad++ 8.9.3 Patches Critical cURL Vulnerability and Crash Issues
CyberSecurity News

Notepad++ 8.9.3 Patches Critical cURL Vulnerability and Crash Issues

Key Takeaways Notepad++ has released version 8.9.3, a critical update addressing security vulnerabilities and stability issues. The update patches CVE-2025-14819 in the WinGUp auto-updater, stemming...

Marcus Rodriguez
Marcus Rodriguez
March 31, 2026 3 Min Read
34 0

Key Takeaways

  • Notepad++ has released version 8.9.3, a critical update addressing security vulnerabilities and stability issues.
  • The update patches CVE-2025-14819 in the WinGUp auto-updater, stemming from an outdated cURL component.
  • A privilege escalation bug, which caused Notepad++ to relaunch with permanent administrative rights after plugin management, has been resolved.
  • Significant performance enhancements include the completion of the transition to the pugixml parser and updates to core editor components.
  • Users are strongly advised to update to version 8.9.3 immediately to secure their systems and benefit from improved stability.

Notepad++ Fortifies Security and Stability with Version 8.9.3 Release

Notepad++, the widely-used open-source text editor, has rolled out version 8.9.3, delivering crucial security patches, significant performance enhancements, and fixes for persistent application crashes. This latest iteration marks a pivotal update, addressing several regressions and bolstering the application’s resilience against potential exploits.

Table Of Content

  • Key Takeaways
  • Notepad++ Fortifies Security and Stability with Version 8.9.3 Release
  • Critical Security Patches and Privilege Fixes
  • Core Upgrades and Crash Resolutions
  • What You Should Do

The update finalizes the text editor’s architectural shift to an optimized XML parser, resolving multiple recent software regressions. Concurrently, the release strengthens the application’s auto-update mechanism, mitigating documented vulnerabilities that could otherwise compromise the integrity of updates.

Critical Security Patches and Privilege Fixes

A primary focus of the 8.9.3 release is the remediation of a critical vulnerability identified within the application’s auto-updater framework. The development team has updated the embedded cURL component in WinGUp to version 8.19.0, directly addressing CVE-2025-14819, a specific security issue that could potentially be exploited.

Furthermore, this release rectifies an unintended privilege escalation flaw present in previous versions. This bug caused Notepad++ to inadvertently restart with permanent administrative privileges after installing or removing a plugin. The development team has successfully patched this regression, ensuring the application operates within standard user privilege boundaries during routine plugin management activities.

System administrators will also find enhanced controls for managing enterprise deployments. A new disableNppAutoUpdate.xml file has been introduced, allowing IT teams to explicitly disable auto-updates, even when the WinGUp executable is present on the system. Another protective measure prevents XML configuration files from being unintentionally overwritten when updating portable packages via standard copy-and-paste methods.

Core Upgrades and Crash Resolutions

To enhance the efficiency of configuration file operations, Notepad++ has been in the process of migrating from the older TinyXML parser to the more modern pugixml parser. Version 8.9.3 signifies the completion of this structural overhaul, promising improved performance for reading and writing configuration data.

This transition, while beneficial, had introduced several regressions, including localized Workspace text errors and incorrect display of text in non-UTF8 documents. These issues have been thoroughly addressed and resolved in the new update. The core components underpinning the text editor’s interface have also received substantial upgrades, with Scintilla advancing to version 5.6.0 and Lexilla updating to version 5.4.7.

Stability improvements are a significant aspect of this release. Engineers have successfully identified and fixed a long-standing defect that caused the application to crash when initiating a print job. Similar fatal errors related to User Defined Languages (UDL) have also been corrected. Additionally, a memory leak that occurred upon application exit has been sealed, preventing resource degradation during extended development sessions.

Other notable fixes include resolving an issue where “Find in Files” failed to search file content on disk, preventing Notepad++ from spawning redundant Windows Explorer processes in Task Manager, and adding native Autocompletion and Function List support for the D programming language. For a comprehensive list of changes, users can refer to the official Notepad++ release notes.

What You Should Do

  • Immediate Update: All Notepad++ users are strongly advised to update to version 8.9.3 without delay to patch critical vulnerabilities and benefit from stability improvements.
  • Verify Update: After updating, confirm that your Notepad++ installation is indeed running version 8.9.3.
  • Review Enterprise Policies: System administrators should review the new disableNppAutoUpdate.xml feature to align with organizational update policies and ensure controlled deployments.
  • Backup Configurations: Before any major update, especially in portable installations, consider backing up your Notepad++ configuration files to prevent accidental data loss.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

CVEPatchSecurityVulnerability

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Critical Axios npm package flaw lets attackers inject malicious code

Next Post

RoadK1ll Malware Transforms Compromised Hosts Into Network Relays

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Cursor IDE RCE Vulnerabilities Allow Zero-Click Prompt Injection
July 1, 2026
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Reduce Alert Fatigue to Improve SOC Efficiency and Cut Business Costs
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us