CVE-2026-4546: Uncontrolled Search Path in Flos Freeware Notepad2
CVE-2026-4546 is a high-severity vulnerability in Flos Freeware Notepad2 version 4.2.25: an uncontrolled search path element (CWE-427) in the way the application loads the TextShaping.dll library. Because the DLL is requested by name rather than by a fully qualified path, a local attacker with limited privileges who can write to a directory that the Windows loader searches before the legitimate copy can have Notepad2 load a malicious TextShaping.dll instead. Exploitation is rated high complexity and requires local access; no user interaction beyond a user starting Notepad2 is needed. Confidentiality, integrity and availability are all rated high impact, since the planted DLL runs with the full rights of the Notepad2 process. No patch or vendor response is available, and no exploitation in the wild has been reported. Organizations running this version should mitigate now to prevent local code execution and, where the editor is launched from a privileged context, privilege escalation.
AI Analysis
Technical Summary
CVE-2026-4546 identifies a vulnerability in Flos Freeware Notepad2 version 4.2.25 in the code that loads the TextShaping.dll library; the exact function has not been identified. The weakness is an uncontrolled search path element: the DLL is requested by name rather than by a fully qualified path, so the Windows loader walks its standard search order, which starts with the application's own directory and, depending on configuration and on whether a system copy of the DLL exists, can continue into the current directory and every entry in PATH. A local attacker who can write to a directory that is searched before the legitimate copy can plant a malicious TextShaping.dll that Notepad2 loads and executes with the rights of the user running it. Attack complexity is rated high, because the attacker needs local access with limited privileges plus knowledge of where the editor is installed and launched from. No user interaction beyond a user starting Notepad2 is required, and confidentiality, integrity and availability are all rated high impact. The vendor was contacted but has not responded or issued a patch, and no public exploits have been observed. The CVSS v4.0 base score is 7.3. The advisory covers only version 4.2.25 of Notepad2, a lightweight Windows text editor.
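To make the search-order reasoning concrete, here is an added Python model (not code from the advisory or from Notepad2) of where a planted TextShaping.dll would be picked up before the legitimate copy. The install directory, working directory, PATH contents and the list of user-writable directories are constructed assumptions; the search order itself is the documented default Windows order for a DLL requested by name and not on the KnownDLLs list.

```python
"""Model of the Windows DLL search order for an unqualified LoadLibrary name.

Added illustration for this advisory; it is not code from Notepad2 or from the
advisory's author. All paths below are constructed examples. The order follows
the documented desktop-application search order for a DLL that is named without
a path and is not on the KnownDLLs list; the 16-bit System directory is omitted
because it is irrelevant on 64-bit Windows.
"""


def _norm(p: str) -> str:
    # Windows path comparison is case-insensitive; ignore a trailing backslash.
    return p.rstrip("\\").lower()


def dll_search_order(app_dir, system_dir, windows_dir, cwd, path_env,
                     safe_dll_search_mode=True):
    """Directories Windows consults, in order, for an unqualified DLL name.

    system_dir is System32 for a 64-bit process and SysWOW64 for a 32-bit
    process; Notepad2 4.2.25 is distributed in both flavours.
    """
    path_dirs = [d for d in path_env.split(";") if d]
    if safe_dll_search_mode:  # default on every supported Windows version
        order = [app_dir, system_dir, windows_dir, cwd] + path_dirs
    else:                     # legacy order: current directory is searched second
        order = [app_dir, cwd, system_dir, windows_dir] + path_dirs
    seen, result = set(), []
    for d in order:           # PATH frequently repeats System32 and Windows
        if _norm(d) not in seen:
            seen.add(_norm(d))
            result.append(d)
    return result


def hijack_candidates(search_order, legit_dirs):
    """Directories searched before the first legitimate copy of the DLL.

    A planted copy in any of these wins the search. With an empty legit_dirs
    (a 'phantom' DLL that does not exist on the box) every directory qualifies.
    """
    legit = {_norm(d) for d in legit_dirs}
    out = []
    for d in search_order:
        if _norm(d) in legit:
            break
        out.append(d)
    return out


def exposed_dirs(search_order, legit_dirs, user_writable_dirs):
    """Hijack candidates a limited local user can write to: the real exposure."""
    writable = {_norm(d) for d in user_writable_dirs}
    return [d for d in hijack_candidates(search_order, legit_dirs)
            if _norm(d) in writable]


SYSTEM32 = r"C:\Windows\System32"
WINDOWS = r"C:\Windows"
PATH_ENV = r"C:\Windows\System32;C:\Windows;C:\Tools"
# Constructed: directories a standard user can write to on the example host.
USER_WRITABLE = [r"C:\Users\alice\Downloads", r"C:\Users\alice\Documents",
                 r"C:\Tools"]


def assess(app_dir, cwd, legit_dirs=(SYSTEM32,), safe_dll_search_mode=True):
    """Where could a planted TextShaping.dll beat the system copy for this launch?"""
    order = dll_search_order(app_dir, SYSTEM32, WINDOWS, cwd, PATH_ENV,
                             safe_dll_search_mode)
    return exposed_dirs(order, legit_dirs, USER_WRITABLE)


if __name__ == "__main__":
    # Installed under Program Files, launched with Documents as working dir.
    print(assess(r"C:\Program Files\Notepad2", r"C:\Users\alice\Documents"))
    # Same binary unzipped into and run from Downloads.
    print(assess(r"C:\Users\alice\Downloads", r"C:\Users\alice\Downloads"))
    # Program Files install, but no system copy of the DLL exists (phantom case).
    print(assess(r"C:\Program Files\Notepad2", r"C:\Users\alice\Documents", ()))
```

The three calls show the practical shape of the exposure: with the editor under Program Files and a system copy of TextShaping.dll present, nothing a standard user can write to precedes the legitimate copy; run from Downloads, the application directory itself is the hijack point; and if no system copy exists, the working directory and every writable PATH entry become candidates as well.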
Potential Impact
A successful hijack runs attacker-controlled code with the privileges of the user who launched Notepad2, which allows reading that user's data, modifying or corrupting files, and crashing or taking over the editor. It is privilege escalation only when a more privileged account starts Notepad2 from a location (install directory, working directory or PATH entry) that a lower-privileged user can write to; in the common case it yields code execution and persistence as the victim user. Because Notepad2 can be configured to replace Windows Notepad (it hooks notepad.exe through Image File Execution Options), any process or script that opens notepad.exe may launch it, including elevated ones, which widens the set of launch contexts to consider. High attack complexity and the local-access requirement rule out remote, mass exploitation, but not abuse on shared workstations, terminal servers or hosts where an attacker already has a foothold. With no vendor response or patch, the window of exposure is open-ended, and organizations still running this version are exposed, especially in sensitive or multi-user environments.
Mitigation Recommendations
Inventory every copy of Notepad2.exe, check its file version (4.2.25), and remove or restrict copies that standard users can write next to. Until a vendor fix exists, the controls that actually close the search path are:
- Install Notepad2 only under a directory where standard users have no write access (Program Files is the usual choice) and never run it from Downloads, Temp, removable media or shared folders; the application directory is the first place the loader looks.
- Check each install directory for a TextShaping.dll beside Notepad2.exe; there is no legitimate reason for one to be there, so its presence indicates a planted DLL.
- Confirm SafeDllSearchMode has not been disabled (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, value SafeDllSearchMode; absent or 1 means enabled); with it off, the current directory is searched before System32.
- Use AppLocker or Windows Defender Application Control DLL rules so that only signed DLLs from known paths can load into user processes.
- Enable Sysmon Event ID 7 (Image loaded) for TextShaping.dll, or the equivalent EDR telemetry, and alert on any load of that DLL from outside System32 or SysWOW64, or of a copy not signed by Microsoft.
- Do not launch Notepad2 from elevated contexts, and review whether its Windows Notepad replacement hook is enabled on hosts where administrators work.
Consider a maintained editor as a replacement, and keep checking for a vendor or community release that loads TextShaping.dll from a fully qualified path.
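The DLL-load monitoring recommended above, worked through as an added Python example (not the advisory author's code and not a Notepad2 tool) over constructed Sysmon Event ID 7 records. It generalises the rule beyond the advisory's case: any process, not only Notepad2, that loads TextShaping.dll from outside the Windows system directories, or loads a copy not signed by Microsoft, is flagged.

```python
"""Triage of Sysmon Event ID 7 (Image loaded) records for TextShaping.dll.

Added detection example for this advisory; not from the advisory's author or
from Notepad2. The records below are constructed in the shape of a SIEM export
of Sysmon image-load events; the field names (Image, ImageLoaded, Signed,
Signature, SignatureStatus) are Sysmon's own. The rule flags any process, not
just Notepad2, that loads TextShaping.dll from outside the Windows system
directories or loads a copy not signed by Microsoft Windows.
"""
import ntpath

SYSTEM_DLL_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TARGET_DLL = "textshaping.dll"


def in_system_dir(path: str) -> bool:
    """True when the DLL's directory is System32 or SysWOW64 (case-insensitive)."""
    return ntpath.dirname(path).rstrip("\\").lower() in SYSTEM_DLL_DIRS


def evaluate(event: dict) -> list:
    """Reasons an image-load record is suspicious; an empty list means benign."""
    loaded = event.get("ImageLoaded", "")
    if ntpath.basename(loaded).lower() != TARGET_DLL:
        return []                       # not the DLL this advisory concerns
    reasons = []
    if not in_system_dir(loaded):
        reasons.append("TextShaping.dll loaded from outside System32/SysWOW64")
    if (event.get("Signed", "").lower() != "true"
            or event.get("Signature") != "Microsoft Windows"):
        reasons.append("loaded copy is not signed by Microsoft Windows")
    return reasons


def scan(events):
    """Alerts as (loading process, loaded DLL, reasons) tuples, in input order."""
    alerts = []
    for ev in events:
        reasons = evaluate(ev)
        if reasons:
            alerts.append((ev.get("Image"), ev.get("ImageLoaded"), reasons))
    return alerts


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {   # Program Files install loading the system copy: benign
        "Image": r"C:\Program Files\Notepad2\Notepad2.exe",
        "ImageLoaded": r"C:\Windows\System32\TextShaping.dll",
        "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid",
    },
    {   # 32-bit build loading the WOW64 copy; mixed case on purpose: benign
        "Image": r"C:\Program Files (x86)\Notepad2\Notepad2.exe",
        "ImageLoaded": r"c:\WINDOWS\SysWOW64\textshaping.dll",
        "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid",
    },
    {   # Planted, unsigned copy beside a Notepad2.exe run from Downloads: alert
        "Image": r"C:\Users\alice\Downloads\Notepad2.exe",
        "ImageLoaded": r"C:\Users\alice\Downloads\TextShaping.dll",
        "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable",
    },
    {   # Different process, same DLL planted in a PATH directory and signed
        # by a third party: still two findings
        "Image": r"C:\Program Files\Contoso\viewer.exe",
        "ImageLoaded": r"C:\Tools\TextShaping.dll",
        "Signed": "true", "Signature": "Contoso Ltd", "SignatureStatus": "Valid",
    },
    {   # Unrelated DLL: ignored by this rule
        "Image": r"C:\Users\alice\Downloads\Notepad2.exe",
        "ImageLoaded": r"C:\Windows\System32\uxtheme.dll",
        "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid",
    },
]

if __name__ == "__main__":
    for image, dll, reasons in scan(SAMPLE_EVENTS):
        print(f"{image} -> {dll}: {'; '.join(reasons)}")
```

Sysmon records Event ID 7 only when its configuration contains an ImageLoad rule, so an include rule matching an ImageLoaded value ending in TextShaping.dll (or a broader rule on loads from user-writable paths) has to be deployed before this triage sees any data. The signature check matters because a Microsoft-signed copy dropped into the application directory would pass a signature-only rule; the path check catches it.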
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Canada, Australia, India, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-03-21T16:44:04.131Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69bfef0bf4197a8e3b75ae78
Added to database: 3/22/2026, 1:30:51 PM
Last enriched: 3/29/2026, 8:04:22 PM
Last updated: 5/7/2026, 4:58:49 AM