JustAppSec
HIGH SeverityCVSS 3.17.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CVE-2026-20841

Last updated Feb 27, 2026 · Published Feb 10, 2026

← Back to list

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Affected products

1 listed
  • Microsoft:Windows Notepad

Mappings

CWE

CWE-77

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms