CVE-2026-48800 | Notepad++ up to 8.9.6 NppXml::value Parameters.cpp UserCommand os command injection (GHSA-3x3f-3j39-pj3v)

Inserito da Angelo Barbosa | Mag 29, 2026 | CVE

A vulnerability classified as critical was found in Notepad++ up to 8.9.6. This impacts the function UserCommand of the file Parameters.cpp of the component NppXml::value. Such manipulation leads to os command injection.

This vulnerability is listed as CVE-2026-48800. The attack must be carried out locally. In addition, an exploit is available.

Upgrading the affected component is advised.

CVE-2026-48800 | Notepad++ up to 8.9.6 NppXml::value Parameters.cpp UserCommand os command injection (GHSA-3x3f-3j39-pj3v)

Post correlati

CVE-2025-14967 | itsourcecode Student Management System 1.0 /candidates_report.php school_year sql injection

CVE-2025-8680 | B Slider Plugin up to 2.0.0 on WordPress fs_api_request server-side request forgery

CVE-2024-24910 | Check Point ZoneAlarm Extreme Security NextGen on Windows permission assignment

CVE-2026-5691 | Totolink A7100RU 7.4cu.2313_b20191024 /cgi-bin/cstecgi.cgi setFirewallType firewallType os command injection