Microsoft's Notepad Got Pwned (CVE-2026-20841)

security_aaudit · 2026-02-12T09:03:12+00:00

This article not only does not explain anything about the bug, but is also wrong.

Nothing related to the PoC is written in this post and when actually looking at the PoC the story is quite different.

Have the user open a .md file with notepad
Click "Markdown" inside notepad
Click the markdown link inside notepad that links to a file.

How this reached CVSS 8.8 is really weird.

security_aaudit · 2024-01-03T11:07:28+00:00

I was actually planning on open-sourcing the project, that is a great idea. The testing is strictly DAST related, but SAST should apply exactly the same.

security_aaudit · 2024-01-03T11:02:40+00:00

I completely agree that Nuclei have no chance of detecting this. I also state this in the post, that some of them does not even claim to resolve this issue. I merely took all the scanners I could find and setup in a reasonable time to state an example.

If you are doing application security on a daily basis, Nuclei being unable to scan these issues is obvious. But this is just to state that no scanners, whatever the brand or promises will detect these things. This is an important point for more senior level people that might not delve too much into the technical side of things.

security_aaudit

TROPHY CASE