- Microsoft patches Windows 11 RCE Notepad flaw CVE-2026-20841
- A vulnerability exploited Markdown links to execute malicious code with user permissions
- The Patch Tuesday update fixes the issue; versions 11.2510 and earlier remain vulnerable.
Microsoft fixed a remote code execution (RCE) flaw in Windows 11 Notepad that could have allowed threat actors to execute malware locally without the operating system notifying the user.
Notepad is one of the oldest Windows programs and has been around since its inception. However, it has evolved over the years, and in Windows 11 it now supports the Markdown format, which uses symbols for formatting. For example, adding an asterisk before and after a word makes it italic, and two asterisks make it bold.
Markdown also supports clickable links, which is where the problem lies. Microsoft’s notes for its February 2026 Patch Tuesday cumulative update say it fixed an “improper neutralization of special elements used in a command” bug in Notepad, which could allow an attacker to execute malicious code over a network.
Notepad phishing baits
The flaw is tracked as CVE-2026-20841 and was assigned a severity score of 8.8/10 (high).
“An attacker could trick a user into clicking a malicious link within a Markdown file open in Notepad, causing the application to launch unverified protocols that load and execute remote files,” Microsoft said.
“The malicious code would be executed in the security context of the user who opened the Markdown file, giving the attacker the same permissions as that user.”
In other words, if a person Ctrl+clicks a malicious download link in a Notepad Markdown file, the action will be executed automatically, without any warning to the user. Notepad files could therefore easily be used in phishing and business email compromise (BEC) attacks.
Vulnerable versions include 11.2510 and earlier, so be sure to check which version you are running. The bug should be fixed automatically with the Patch Tuesday update, but until that happens, be sure not to click on any suspicious links in Notepad.
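One way to triage a Markdown file before it is opened in Notepad, as an added example that is not part of the original article or of Microsoft's fix: extract every link target and flag any whose URI scheme is outside an allowlist. The allowlist, the function names and the `example-proto` placeholder scheme are assumptions made for this sketch.

```python
import re

# Assumption: only these schemes are expected in documents; all others are held for review.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*):")
LINK_PATTERNS = (
    re.compile(r"\[[^\]]*\]\(\s*<?([^)\s>]+)"),             # inline: [text](target "title")
    re.compile(r"^ {0,3}\[[^\]]+\]:\s*<?([^\s>]+)", re.M),  # reference definition: [label]: target
    re.compile(r"<([A-Za-z][A-Za-z0-9+.-]*:[^\s<>]*)>"),    # autolink: <scheme:rest>
)

def link_targets(markdown):
    """Return sorted (line_number, target) pairs for every link target found."""
    found = set()
    for pattern in LINK_PATTERNS:
        for m in pattern.finditer(markdown):
            line = markdown.count("\n", 0, m.start(1)) + 1
            found.add((line, m.group(1)))
    return sorted(found)

def unexpected_links(markdown, allowed=ALLOWED_SCHEMES):
    """Return (line, scheme, target) for links whose scheme is not allowlisted."""
    flagged = []
    for line, target in link_targets(markdown):
        m = SCHEME.match(target)
        if m is None:
            continue  # relative path or anchor: no protocol handler is named
        scheme = m.group(1).lower()  # schemes are case-insensitive
        if scheme not in allowed:
            flagged.append((line, scheme, target))
    return flagged

# Constructed sample; "example-proto" is a placeholder scheme, not one from the advisory.
SAMPLE = """# Quarterly report
See the [dashboard](https://intranet.example/dash) and [notes](notes.md).
Open the [invoice](EXAMPLE-PROTO://files.example/invoice "Invoice").
Contact <mailto:it@example.com> or use <example-proto:files.example/x>.
[setup]: example-proto://files.example/setup
"""

if __name__ == "__main__":
    for line, scheme, target in unexpected_links(SAMPLE):
        print(f"line {line}: scheme {scheme!r} -> {target}")
```

The patterns cover inline links, reference definitions and autolinks but are not a full Markdown parser, so treat a clean result as a first-pass filter rather than proof that a file is safe.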
Via BleepingComputer




