CVE-2026-4546: Uncontrolled Search Path in Flos Freeware Notepad2
CVE-2026-4546 is a high-severity vulnerability in Flos Freeware Notepad2 version 4.2.25 involving an uncontrolled search path in the TextShaping.dll library. The flaw allows local attackers with limited privileges to manipulate the search path, potentially causing the application to load malicious code. Exploitation is rated as high complexity, and no user interaction is needed. The vulnerability impacts confidentiality, integrity, and availability at a high level but does not require network access. No patches or vendor responses are currently available, and no known exploits exist in the wild. Organizations using this specific Notepad2 version on Windows systems are at risk, especially where local access is possible. Mitigation requires restricting local access, monitoring for suspicious DLL loads, and considering alternative text editors until a patch is released.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2026-4546 identifies a vulnerability in Flos Freeware Notepad2 version 4.2.25, specifically within an unknown function of the TextShaping.dll library. The issue is an uncontrolled search path weakness, meaning the application does not securely control the directories it searches when loading DLLs or other resources. This can allow a local attacker with limited privileges to manipulate the search path, causing the application to load a malicious DLL or resource instead of the legitimate one. The attack vector is local, requiring the attacker to have some level of access to the victim machine, but no user interaction is necessary once local access is obtained. The complexity of exploitation is high, indicating that a successful attack requires significant skill or conditions. The vulnerability impacts confidentiality, integrity, and availability at a high level, as malicious code execution could lead to data compromise or application disruption. The vendor has not responded to early disclosure attempts, and no patches or mitigations have been published. There are no known exploits in the wild, but the vulnerability remains a significant risk for affected users. The CVSS 4.0 score of 7.3 reflects the high severity, with local attack vector, high complexity, and high impact on system security properties. The lack of scope change means the vulnerability affects only the vulnerable component without escalating privileges beyond the application context.
Potential Impact
The primary impact of CVE-2026-4546 is the potential for local attackers to execute arbitrary code or load malicious DLLs by exploiting the uncontrolled search path in Notepad2's TextShaping.dll. This can lead to unauthorized disclosure of sensitive information, modification or corruption of data, and disruption of application availability. Organizations using Notepad2 4.2.25 on Windows systems face risks especially in environments where multiple users have local access or where attackers can gain limited user privileges. The high complexity and local access requirement reduce the likelihood of widespread exploitation, but insider threats or compromised endpoints could leverage this vulnerability to escalate attacks. The absence of vendor patches and public exploits means organizations must proactively mitigate the risk. If exploited, this vulnerability could facilitate lateral movement, persistence, or privilege escalation within affected systems, impacting organizational security posture and potentially leading to data breaches or operational downtime.
Mitigation Recommendations
1. Restrict local access to systems running Notepad2 4.2.25 to trusted users only, minimizing the risk of local exploitation.
2. Employ application whitelisting and restrict DLL loading paths using Windows Defender Application Control or similar technologies to prevent unauthorized DLL injection.
3. Monitor system logs and use endpoint detection and response (EDR) tools to detect unusual DLL loads or modifications related to TextShaping.dll.
4. Consider replacing Notepad2 4.2.25 with alternative text editors that do not exhibit this vulnerability until an official patch is released.
5. Implement strict file system permissions on directories where Notepad2 and its DLLs reside to prevent unauthorized file placement or modification.
6. Regularly audit local user privileges and remove unnecessary accounts or rights that could be leveraged for local attacks.
7. Stay informed on vendor updates or community patches and apply them promptly once available.
8. Educate users about the risks of running untrusted code locally and enforce policies to prevent execution of unauthorized software.
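The following PowerShell script is an added defensive check illustrating mitigation steps 3 and 5 above; it is not part of this advisory or of the Notepad2 project. It assumes a hypothetical install directory ($InstallDir), that Sysmon is installed with ImageLoad (Event ID 7) logging enabled, and that the legitimate TextShaping.dll lives under System32. It reports a copy of the DLL sitting next to the editor (which the default DLL search order would prefer over the system copy), directory ACLs that let low-privilege principals write files there, and any Sysmon records of Notepad2 loading the DLL from outside System32.

```powershell
# Added defensive audit (not from the advisory): check a Notepad2 install directory
# for a side-loaded TextShaping.dll and weak ACLs, then review Sysmon ImageLoad events.
# Assumptions (hypothetical): $InstallDir is where Notepad2.exe lives; Sysmon logs
# Event ID 7; the legitimate DLL is the one under %SystemRoot%\System32.
param(
    [string]$InstallDir = 'C:\Program Files\Notepad2',   # hypothetical install path
    [string]$DllName    = 'TextShaping.dll'
)

$system32   = Join-Path $env:SystemRoot 'System32'
$systemCopy = Join-Path $system32 $DllName
$localCopy  = Join-Path $InstallDir $DllName

# 1. A DLL in the application directory is searched before System32, so a copy of
#    TextShaping.dll beside Notepad2.exe is a finding in itself; record its signature and hash.
if (Test-Path -Path $localCopy) {
    $sig  = Get-AuthenticodeSignature -FilePath $localCopy
    $hash = (Get-FileHash -Path $localCopy -Algorithm SHA256).Hash
    Write-Warning "$DllName is present in the application directory: $localCopy"
    Write-Output ("  Signature: {0}  Signer: {1}" -f $sig.Status, $sig.SignerCertificate.Subject)
    Write-Output "  SHA256:    $hash"
} else {
    Write-Output "No $DllName in $InstallDir (expected; system copy is $systemCopy)"
}

# 2. Mitigation step 5: only administrators should be able to place files in the directory.
$weakRights        = 'Write|Modify|FullControl|CreateFiles'
$lowPrivPrincipals = 'BUILTIN\\Users|Authenticated Users|Everyone'
$acl = Get-Acl -Path $InstallDir
foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -eq 'Allow' -and
        $ace.IdentityReference.Value -match $lowPrivPrincipals -and
        $ace.FileSystemRights.ToString() -match $weakRights) {
        Write-Warning ("Low-privilege principal {0} can write to {1} ({2})" -f
            $ace.IdentityReference, $InstallDir, $ace.FileSystemRights)
    }
}

# 3. Mitigation step 3: Sysmon Event ID 7 (ImageLoad) records each DLL a process maps.
#    Flag loads of the DLL by Notepad2 from any location other than System32.
$dllRegex      = '\\' + [regex]::Escape($DllName) + '$'
$system32Regex = '^' + [regex]::Escape($system32) + '\\'
$filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 7 }
try {
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents 5000 -ErrorAction Stop
} catch {
    Write-Output "No Sysmon ImageLoad events available: $($_.Exception.Message)"
    $events = @()
}
foreach ($e in $events) {
    $data   = ([xml]$e.ToXml()).Event.EventData.Data
    $image  = ($data | Where-Object Name -eq 'Image').'#text'
    $loaded = ($data | Where-Object Name -eq 'ImageLoaded').'#text'
    if ($image -match 'notepad2\.exe$' -and $loaded -match $dllRegex -and
        $loaded -notmatch $system32Regex) {
        Write-Warning ("{0}: {1} loaded {2}" -f $e.TimeCreated, $image, $loaded)
    }
}
```

Run it from an elevated PowerShell session so the Sysmon operational log is readable; the ACL check is the one to keep in a periodic compliance job, since a directory writable by standard users is what turns a search-path weakness into a practical local attack surface.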
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Canada, Australia, India, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-03-21T16:44:04.131Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69bfef0bf4197a8e3b75ae78
Added to database: 3/22/2026, 1:30:51 PM
Last enriched: 3/22/2026, 1:45:57 PM
Last updated: 3/22/2026, 2:47:06 PM
Views: 23