CVE-2026-5525: CWE-121: Stack-based Buffer Overflow in Notepad++ Project Notepad++
CVE-2026-5525 is a stack-based buffer overflow vulnerability in Notepad++ version 8. 9. 3. It occurs in the file drop handler when a user drags and drops a directory path of exactly 259 characters without a trailing backslash. The application appends a backslash and null terminator without proper bounds checking, causing a stack buffer overflow and application crash. The vulnerability has a medium severity with a CVSS score of 6. No patch or official remediation is currently available, and there are no known exploits in the wild.
AI Analysis
Technical Summary
This vulnerability in Notepad++ 8.9.3 arises from improper bounds checking in the file drop handler component. Specifically, when a directory path of exactly 259 characters without a trailing backslash is dropped into the application, Notepad++ appends a backslash and null terminator to the path string without verifying buffer capacity. This leads to a stack-based buffer overflow resulting in a crash (STATUS_STACK_BUFFER_OVERRUN). The CVSS 3.1 vector indicates the attack requires local access with low privileges and user interaction, with high impact on confidentiality and integrity but no impact on availability.
Potential Impact
Successful exploitation causes a stack buffer overflow leading to application crash. The CVSS score of 6 and vector indicate medium severity with potential high confidentiality and integrity impact, though no availability impact is noted. There are no reports of exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should avoid dragging and dropping directory paths of exactly 259 characters without trailing backslash into Notepad++ 8.9.3. Monitor vendor channels for updates and apply patches promptly once available.
CVE-2026-5525: CWE-121: Stack-based Buffer Overflow in Notepad++ Project Notepad++
Description
CVE-2026-5525 is a stack-based buffer overflow vulnerability in Notepad++ version 8. 9. 3. It occurs in the file drop handler when a user drags and drops a directory path of exactly 259 characters without a trailing backslash. The application appends a backslash and null terminator without proper bounds checking, causing a stack buffer overflow and application crash. The vulnerability has a medium severity with a CVSS score of 6. No patch or official remediation is currently available, and there are no known exploits in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Notepad++ 8.9.3 arises from improper bounds checking in the file drop handler component. Specifically, when a directory path of exactly 259 characters without a trailing backslash is dropped into the application, Notepad++ appends a backslash and null terminator to the path string without verifying buffer capacity. This leads to a stack-based buffer overflow resulting in a crash (STATUS_STACK_BUFFER_OVERRUN). The CVSS 3.1 vector indicates the attack requires local access with low privileges and user interaction, with high impact on confidentiality and integrity but no impact on availability.
Potential Impact
Successful exploitation causes a stack buffer overflow leading to application crash. The CVSS score of 6 and vector indicate medium severity with potential high confidentiality and integrity impact, though no availability impact is noted. There are no reports of exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should avoid dragging and dropping directory paths of exactly 259 characters without trailing backslash into Notepad++ 8.9.3. Monitor vendor channels for updates and apply patches promptly once available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- securin
- Date Reserved
- 2026-04-04T05:59:46.561Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d8c0ed1cc7ad14daa35361
Added to database: 4/10/2026, 9:20:45 AM
Last enriched: 4/17/2026, 12:30:35 PM
Last updated: 5/25/2026, 10:50:14 AM
Views: 286
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.