CVE-2026-3008
Vulnerability in Notepad++
CVSS Score
6.6
EPSS Score
0.0%
EPSS Percentile
0th
Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.
| Vendor | notepad++ |
| Product | notepad++ |
| Published | Apr 27, 2026 |
| Last Updated | Apr 27, 2026 |
Stay Ahead of the Next One
Get instant alerts for notepad++ notepad++
Be the first to know when new medium vulnerabilities affecting notepad++ notepad++ are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High
Affected Versions
Notepad++ / Notepad++
8.9.3
References
csa.gov.sg: https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-044/ community.notepad-plus-plus.org: https://community.notepad-plus-plus.org/topic/27500/notepad-v8-9-4-release-candidate github.com: https://github.com/llgsjsm/cve-2026-3008 llgsjsm.github.io: https://llgsjsm.github.io/cve-2026-3008/ github.com: https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17960