CVE-2026-48778

HIGHCVSS: 7.8

Notepad++ through v8.9.6 allows remote code execution by abusing the commandLineInterpreter setting in config.xml, leading to arbitrary command execution.

Published: 1/15/2026

Affected: Notepad++ <= v8.9.6 (patched in v8.9.6.1)

REFERENCES

GHSA-7hm3-wp5q-ccv9

AVAILABLE_EXPLOITS(1)

CVE-2026-48778 - C++ Exploit

@XK3NF4

1/15/2026

C++ PoC that achieves code execution in Notepad++ by tampering with the commandLineInterpreter entry in config.xml.

#RCE#Windows#High

VERIFIED

VIEW_EXPLOIT