CVE-2026-4545 is a vulnerability identified in Flos Freeware Notepad2 version 4.2.25, specifically related to an uncontrolled search path issue in the PROPSYS.dll library. This flaw occurs when the application or library loads resources or dependencies without properly validating or restricting the search path, potentially allowing an attacker with local access to influence which DLLs or files are loaded. Such manipulation can lead to execution of malicious code with the privileges of the user running Notepad2. The vulnerability requires local access and has a high attack complexity, meaning an attacker must have detailed knowledge and conditions to exploit it successfully. The CVSS 4.0 vector indicates local attack vector (AV:L), high complexity (AC:H), no user interaction (UI:N), and limited privileges required (PR:L). The impact metrics show high confidentiality, integrity, and availability impacts, indicating that exploitation could lead to significant compromise of the affected system. The vendor was contacted but has not responded, and no patches or mitigations have been officially released. No known exploits are currently active in the wild, but the vulnerability remains a concern for users of this specific Notepad2 version. The uncontrolled search path vulnerability is a classic security issue that can facilitate DLL hijacking or similar attacks, often used to escalate privileges or maintain persistence on compromised systems.

The primary impact of CVE-2026-4545 is the potential for local attackers to execute arbitrary code by exploiting the uncontrolled search path in PROPSYS.dll when used by Notepad2 4.2.25. This can lead to unauthorized access to sensitive information (confidentiality), modification or corruption of data (integrity), and disruption or denial of service of the application or system (availability). Since the attack requires local access and elevated knowledge, it is less likely to be exploited remotely but poses a significant risk in environments where multiple users share systems or where attackers have gained limited local foothold. The vulnerability could be leveraged as part of a multi-stage attack to escalate privileges or maintain persistence. Organizations relying on Notepad2 in sensitive environments may face increased risk of insider threats or lateral movement by attackers. The lack of vendor response and absence of patches increases the window of exposure. Although no exploits are currently known in the wild, the vulnerability's characteristics make it a credible threat to endpoint security.

To mitigate CVE-2026-4545, organizations should first restrict local access to systems running Notepad2 4.2.25, ensuring only trusted users have permissions to execute the application. Employ application whitelisting and endpoint detection and response (EDR) tools to monitor for unusual DLL loading behavior or unauthorized file modifications related to PROPSYS.dll. Users should avoid running Notepad2 with elevated privileges unless necessary. Consider replacing Notepad2 4.2.25 with alternative text editors that do not exhibit this vulnerability until an official patch is released. System administrators can also implement strict path environment variable controls and use tools to detect DLL hijacking attempts. Regularly audit local user accounts and permissions to minimize the risk of local exploitation. Finally, maintain up-to-date backups and incident response plans to quickly recover from potential exploitation. Monitoring vendor channels for updates or patches is critical given the current lack of official remediation.