CVE-2026-5525: CWE-121: Stack-based Buffer Overflow in Notepad++ Project Notepad++
CVE-2026-5525 is a stack-based buffer overflow vulnerability in Notepad++ version 8. 9. 3. It occurs in the file drop handler when a user drags and drops a directory path of exactly 259 characters without a trailing backslash. The application appends a backslash and null terminator without proper bounds checking, causing a stack buffer overflow and application crash. The vulnerability has a CVSS score of 6. 0, indicating medium severity. No patch or official remediation has been confirmed at this time.
AI Analysis
Technical Summary
This vulnerability in Notepad++ 8.9.3 involves improper bounds checking in the file drop handler component. Specifically, when a directory path of exactly 259 characters is dragged and dropped without a trailing backslash, the software appends a backslash and null terminator to the path string without verifying buffer capacity. This leads to a stack-based buffer overflow, resulting in a crash with STATUS_STACK_BUFFER_OVERRUN. The CVSS 3.1 vector indicates the attack requires local access with low privileges, high attack complexity, and user interaction. Confidentiality and integrity impacts are high, but availability impact is not affected.
Potential Impact
Successful exploitation causes a stack buffer overflow leading to application crash. The vulnerability impacts confidentiality and integrity, but does not affect availability. There are no known exploits in the wild. The attack requires local access, low privileges, and user interaction, with high attack complexity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should avoid dragging and dropping directory paths of exactly 259 characters without trailing backslashes in Notepad++ 8.9.3. Monitor vendor channels for updates and apply patches promptly once released.
CVE-2026-5525: CWE-121: Stack-based Buffer Overflow in Notepad++ Project Notepad++
Description
CVE-2026-5525 is a stack-based buffer overflow vulnerability in Notepad++ version 8. 9. 3. It occurs in the file drop handler when a user drags and drops a directory path of exactly 259 characters without a trailing backslash. The application appends a backslash and null terminator without proper bounds checking, causing a stack buffer overflow and application crash. The vulnerability has a CVSS score of 6. 0, indicating medium severity. No patch or official remediation has been confirmed at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Notepad++ 8.9.3 involves improper bounds checking in the file drop handler component. Specifically, when a directory path of exactly 259 characters is dragged and dropped without a trailing backslash, the software appends a backslash and null terminator to the path string without verifying buffer capacity. This leads to a stack-based buffer overflow, resulting in a crash with STATUS_STACK_BUFFER_OVERRUN. The CVSS 3.1 vector indicates the attack requires local access with low privileges, high attack complexity, and user interaction. Confidentiality and integrity impacts are high, but availability impact is not affected.
Potential Impact
Successful exploitation causes a stack buffer overflow leading to application crash. The vulnerability impacts confidentiality and integrity, but does not affect availability. There are no known exploits in the wild. The attack requires local access, low privileges, and user interaction, with high attack complexity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should avoid dragging and dropping directory paths of exactly 259 characters without trailing backslashes in Notepad++ 8.9.3. Monitor vendor channels for updates and apply patches promptly once released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- securin
- Date Reserved
- 2026-04-04T05:59:46.561Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d8c0ed1cc7ad14daa35361
Added to database: 4/10/2026, 9:20:45 AM
Last enriched: 4/10/2026, 9:36:35 AM
Last updated: 4/10/2026, 12:15:27 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.