Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical Microsoft Active Directory Zero-Day Actively Exploited
July 15, 2026
Critical BitLocker Vulnerability Lets Attackers Bypass Windows Security
July 15, 2026
Notepad++ Vulnerabilities Enable PowerShell Command Injection
July 15, 2026
Home/CyberSecurity News/Notepad++ Vulnerabilities Enable PowerShell Command Injection
CyberSecurity News

Notepad++ Vulnerabilities Enable PowerShell Command Injection

Key Takeaways Notepad++ version 8.9.7 has been released, addressing multiple critical security vulnerabilities. The most severe flaw is a PowerShell command injection during installation, potentially...

Sarah simpson
Sarah simpson
July 15, 2026 3 Min Read
2 0

Key Takeaways

  • Notepad++ version 8.9.7 has been released, addressing multiple critical security vulnerabilities.
  • The most severe flaw is a PowerShell command injection during installation, potentially leading to arbitrary code execution.
  • Other vulnerabilities include path traversal, buffer overflow, and authentication bypass issues.
  • Users are strongly advised to update immediately to mitigate these risks.

Critical Vulnerabilities Patched in Notepad++ v8.9.7

A new version of the popular Windows text editor, Notepad++, has been released, incorporating vital security fixes for several vulnerabilities. Version 8.9.7 specifically tackles a high-severity PowerShell command injection flaw that could facilitate arbitrary code execution during the software’s installation process.

Table Of Content

  • Key Takeaways
  • Critical Vulnerabilities Patched in Notepad++ v8.9.7
  • Installer-Based PowerShell Command Injection
  • Additional Critical Vulnerabilities
  • Additional Fixes and Enhancements
  • What You Should Do

This update resolves a total of five distinct security issues, encompassing weaknesses related to path traversal, buffer overflow conditions, and authentication bypasses. The comprehensive patches aim to bolster the security posture of Notepad++, a tool widely adopted by developers and power users globally.

Installer-Based PowerShell Command Injection

The most significant vulnerability addressed in this release is an install-time PowerShell command injection. This flaw stems from improper handling of PowerShell commands within the Notepad++ installer, which could allow malicious actors to manipulate the execution flow and inject arbitrary commands onto a target system.

Such an exploit could be initiated through various attack vectors, including the distribution of tampered installation packages or the execution of social engineering campaigns. A successful exploit could result in a complete compromise of the affected system.

Notepad++ developers have now enhanced the robustness of PowerShell command processing within the installer, effectively mitigating the risk of unauthorized command execution and injection attacks.

Additional Critical Vulnerabilities

Beyond the PowerShell injection issue, Notepad++ v8.9.7 also patches several other significant vulnerabilities impacting various components of the application:

  • CVE-2026-54758: Stack Buffer Overflow: A stack buffer overflow identified in the expandNppEnvironmentStrs function could lead to memory corruption and potentially remote code execution.
  • CVE-2026-57233: Zip Slip (Path Traversal): The updater component, WinGUp, contained a Zip Slip vulnerability. This path traversal flaw could allow attackers to overwrite arbitrary files on a system during the extraction of update packages.
  • CVE-2026-52886: Session Handling Flaw: A vulnerability in session management allowed for bypassing path validation by manipulating entries within the session.xml file.
  • Unassigned CVE: Macro Integrity Bypass: A flaw in shortcuts.xml enabled bypassing macro integrity checks. This could permit the unauthorized execution of macros without proper HMAC verification.
  • Unassigned CVE: PowerShell Command Injection: As detailed above, an installer-level PowerShell command injection could lead to arbitrary command execution.

These vulnerabilities underscore the importance of securing local configuration files and update mechanisms, as they can frequently be exploited as attack vectors if not rigorously protected.

Additional Fixes and Enhancements

Alongside security patches, Notepad++ v8.9.7 introduces a range of stability improvements and user-requested features. Notable updates include:

  • The “Folder as Workspace” feature now retains its expand/collapse state.
  • Incremental Search has been enhanced with new indicators for count and nth-position.
  • Various bug fixes address application crashes, UI glitches, and issues with high-DPI scaling.
  • The update also incorporates upgrades to core libraries, including Scintilla 5.6.4, Lexilla 5.5.1, and pugixml 1.16.

Further bug resolutions target inconsistencies in file handling, freezes related to symbolic links, and performance issues within search functionalities.

What You Should Do

  • Update Immediately: All users, especially those in enterprise or development environments, should update to Notepad++ v8.9.7 without delay. This is crucial for systems that interact with untrusted files or are integrated into automated workflows.
  • Verify Download Sources: Always download software installers from official, trusted sources to prevent falling victim to tampered packages.
  • Enable Auto-Updates: While the auto-updater will deploy this version within two weeks if no regressions are found, manual updates are recommended for immediate protection.
  • Practice Caution: Be vigilant against social engineering tactics that might trick you into installing compromised software.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitMalwarePatchSecurityVulnerability

Share Article

Sarah simpson

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.

Previous Post

Fortinet Patches Critical, High Vulnerabilities in FortiOS, FortiProxy

Next Post

Critical BitLocker Vulnerability Lets Attackers Bypass Windows Security

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Flaw: OAuth Client ID Spoofing Exposes 2 Million Entra ID Users
July 14, 2026
Critical Claude for Chrome Flaw Exposes Gmail, Docs, Calendar Data
July 14, 2026
Critical Vulnerability in AsyncAPI npm Packages Exposes Users to Attack
July 14, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us