Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.3
Notepad2 for Windows: Uncontrolled Search Path Leads to Local Attack
CVE-2026-2538
Summary
A security issue affects Notepad2 4.2.22 to 4.2.25 on Windows. An attacker with local access can potentially exploit this flaw to execute malicious code. Users are advised to update to a fixed version or consider alternative notepad software.
Original title
A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrol...
Original description
A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.0
nvd CVSS3.1
7.0
nvd CVSS4.0
7.3
Vulnerability type
CWE-426
CWE-427
Uncontrolled Search Path Element
Published: 16 Feb 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026