Summaryinfo

A vulnerability was found in rizonesoft Notepad3. It has been rated as problematic. Affected is an unknown function of the file regcomp.C. This manipulation causes out-of-bounds. This vulnerability is handled as CVE-2026-4744. It is possible to launch the attack on the local host. There is not any exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in rizonesoft Notepad3. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file regcomp.C. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

Out-of-bounds Read vulnerability in rizonesoft Notepad3 (‎scintilla/oniguruma/src modules). This vulnerability is associated with program files regcomp.C‎. This issue affects Notepad3: before 6.25.714.1.

The advisory is shared at github.com. This vulnerability is known as CVE-2026-4744 since 03/24/2026. The exploitation appears to be easy. An attack has to be approached locally. Technical details are known, but no exploit is available.

It is declared as attacked.

Upgrading to version 6.25.714.1 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• rizonesoft

Name

• Notepad3

Website

• Product: https://github.com/rizonesoft/Notepad3/

CPE 2.3info

• 🔒

CPE 2.2info

• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion