Microsoft Patches Critical Notepad Vulnerability Allowing Code Execution
Microsoft, Thursday, February 12th, 2026
As reported by Bleeping Computer, Microsoft has addressed a critical remote code execution vulnerability in Windows 11's Notepad application. This flaw allowed attackers to trick users into clicking specially crafted Markdown links, leading to the execution of local or remote programs without triggering standard Windows security warnings.
The vulnerability, tracked as CVE-2026-20841, was discovered by Cristian Papa, Alasdair Gorniak, and Chen. Attackers could exploit it by creating a Markdown file containing malicious links, such as those using the "file://" or "ms-appinstaller://" protocols. When a user opened the file in specific versions of Notepad and Ctrl+clicked the link, Notepad would execute a remote file within the user's security context. Because this bypassed the typical security prompts, the flaw posed a significant risk of unauthorized code execution.
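For defenders triaging Markdown files before they are opened, the following added example (not code from Microsoft or the original report) flags links whose URI scheme falls outside an allowlist, which covers the "file://" and "ms-appinstaller://" cases named above. The allowlist, the function name and the sample document are assumptions made for this illustration.

```python
import re

# Assumption for this example: only these schemes are acceptable in notes/docs.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*):")
LINK_PATTERNS = (
    # Inline link or image: [text](target "title"), target optionally in <...>
    re.compile(r"\[[^\]]*\]\(\s*<?([^)\s>]+)>?[^)]*\)"),
    # Reference definition: [label]: target
    re.compile(r"^[ ]{0,3}\[[^\]]+\]:\s*<?(\S+?)>?(?:\s|$)", re.M),
    # Autolink: <scheme:target>
    re.compile(r"<([A-Za-z][A-Za-z0-9+.-]*:[^\s>]+)>"),
)

def risky_links(markdown_text):
    """Return sorted (line, scheme, target) for links with a non-allowlisted scheme."""
    findings = set()  # a set, so a target matched by two patterns is reported once
    for pattern in LINK_PATTERNS:
        for m in pattern.finditer(markdown_text):
            target = m.group(1)
            scheme_match = SCHEME.match(target)
            if not scheme_match:
                continue  # no explicit scheme (relative link); out of scope here
            scheme = scheme_match.group(1).lower()  # schemes are case-insensitive
            if scheme not in ALLOWED_SCHEMES:
                line = markdown_text.count("\n", 0, m.start(1)) + 1
                findings.add((line, scheme, target))
    return sorted(findings)

# Constructed sample document; hosts under .invalid never resolve.
SAMPLE = """# Release notes
See the [docs](https://example.com/docs) and [changelog](CHANGELOG.md).
Run the [installer](file://fileserver.invalid/share/setup.exe) first.
Or use [the package][pkg] or <MS-AppInstaller://pkg.invalid/app.msix>.

[pkg]: ms-appinstaller://pkg.invalid/app.msix
"""

if __name__ == "__main__":
    for line, scheme, target in risky_links(SAMPLE):
        print(f"line {line}: {scheme} -> {target}")
```

The patterns cover common inline, reference-style and autolink syntax rather than the full Markdown grammar, so treat a clean result as a first-pass filter.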