71
Windows Notepad App Remote Code Execution Vulnerability (msrc.microsoft.com)
submitted 2 days ago by Enjoyer_of_Games@hexbear.net to c/technology@hexbear.net
22 comments fedilink hide all child comments

do not click on markdownin notepad. It's ok to click on markdown here in your brower because I'm just letting you know not to click on markdown illegal-to-say

all 26 comments
sorted by: hot top controversial new old
[-] gay_king_prince_charles@hexbear.net 29 points 2 days ago

new CVE

Look inside

Its unsanitized text input

[-] PorkrollPosadist@hexbear.net 30 points 2 days ago

We may be laughing now, but Microslop is going to roll out 10-factor authentication on Shithub because of this.

[-] Enjoyer_of_Games@hexbear.net 27 points 2 days ago

for security reasons your readme must be in docx format

[-] chgxvjh@hexbear.net 3 points 2 days ago* (last edited 2 days ago)

.DOCM None of that macro free bs

[-] Orbital@hexbear.net 5 points 2 days ago

Shithub

What are good alternatives if any

[-] ourtimewillcome@hexbear.net 5 points 2 days ago

codeberg and gitlab come to mind

[-] chgxvjh@hexbear.net 4 points 2 days ago

Forgejo is really easy to operate if you already have a server.

Codeberg is a large public Forgejo instance.

There is also https://tangled.org/ which I've meant to look into for a while but never gotten around to. I think it's promising but it's still alpha software. Forgejo and Gitea before it have been around for almost 10 years altogether.

[-] blobjim@hexbear.net 13 points 2 days ago* (last edited 2 days ago)

hilarious

or maybe it was just a backdoor that the wrong person noticed

The 3 people who reported it are:
Cristian Papa, Romanian in Romania,
Alasdair Gorniak, slav (?) in the UK,
Chen, Chinese person, https://x.com/chen9918b/status/2015688020356407548, "Chinese history and culture enthusiasts & market analysis"

its so over for the Amerikkkans. Can't even install remote code execution backdoors in peace.

[-] NephewAlphaBravo@hexbear.net 15 points 2 days ago

wtf version of notepad even lets you create clickable hyperlinks in the first place?

[-] chgxvjh@hexbear.net 9 points 2 days ago

My main uses for notepad:

Second clipboard I can paste stuff into without worrying about consequences.

Paste formatted text into notepad and copy it immediately to strip away formatting.

[-] d_cagno@hexbear.net 2 points 2 days ago

You can paste without formatting with ctrl + shift + V

[-] chgxvjh@hexbear.net 6 points 2 days ago

✨ sometimes ✨

[-] sexywheat@hexbear.net 16 points 2 days ago

So AI slop coding is going great!

[-] Le_Wokisme@hexbear.net 16 points 2 days ago

win11 shitty notepad or all notepad?

[-] Soot@hexbear.net 2 points 2 days ago

The former. Classic notepad would never support clickable links

[-] Soot@hexbear.net 7 points 2 days ago

The Windows Notepad app has a glaring vulnerability. It sends all your contained data to some Microsoft AI if you click the wrong button.

[-] P1d40n3@hexbear.net 14 points 2 days ago

The US has lost the AI race.

[-] InevitableSwing@hexbear.net 7 points 2 days ago

I'm not a tech guy so I don't know why I - cough - clicked the link. I assumed I wouldn't be able to understand anything. But after taking a ~10 second gander at the page I saw this and it made me laugh.

How could an attacker exploit this vulnerability?

An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.

this post was submitted on 11 Feb 2026
71 points (100.0% liked)

technology

24229 readers
249 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

founded 5 years ago
MODERATORS
context@hexbear.net
SexUnderSocialism@hexbear.net
gaycomputeruser@hexbear.net
Wakmrow@hexbear.net
SwitchyandWitchy@hexbear.net