Description

A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN).

INFO

Published Date :

2026-04-10T07:40:59.902Z

Last Modified :

2026-04-10T12:49:59.124Z

Source :

securin
AFFECTED PRODUCTS

The following products are affected by CVE-2026-5525 vulnerability.

Vendors Products
Notepad++
  • Notepad++
Notepad-plus-plus
  • Notepad++
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5525.

URL Resource
https://github.com/notepad-plus-plus/notepad-plus-plus/commit/bfe7514d68bc559534c046c4ef2d1865267aa2b0 cve-icon cve-icon
https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921 cve-icon cve-icon cve-icon
https://github.com/notepad-plus-plus/notepad-plus-plus/pull/17930 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact