CVE-2026-48800 in Notepad++info

Prediction

by VulDB Data Team • 05/29/2026

A security vulnerability has been detected in Notepad++ up to 8.9.6. This impacts the function UserCommand of the file Parameters.cpp of the component NppXml::value. Such manipulation leads to os command injection. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. Upgrading to version 8.9.6.1 will fix this issue. The name of the patch is 6b3dc52a9245c6d8c6287a8d6d93a30981c05feb. Upgrading the affected component is advised.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Moderation

accepted

Entry

VDB-367179

CPE

ready

CWE

CWE-78 (confirmed)

Exploit

Download

CVSS

5.3 (VulDB)

EPSS

0.00000

KEV

Activities

very low

Sector

Hospital, Pharma, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-48800
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-48800
CVE Details	https://www.cvedetails.com/cve/CVE-2026-48800/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!