{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4546", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-21T16:44:04.131Z", "datePublished": "2026-03-22T13:02:40.125Z", "dateUpdated": "2026-03-23T16:39:39.426Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-22T13:02:40.125Z"}, "title": "Flos Freeware Notepad2 TextShaping.dll uncontrolled search path", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "Uncontrolled Search Path"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-426", "lang": "en", "description": "Untrusted Search Path"}]}], "affected": [{"vendor": "Flos Freeware", "product": "Notepad2", "versions": [{"version": "4.2.25", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The attack is restricted to local execution. The attack requires a high level of complexity. The exploitability is said to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6, "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-21T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-21T17:49:11.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "haehanse (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.352373", "name": "VDB-352373 | Flos Freeware Notepad2 TextShaping.dll uncontrolled search path", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.352373", "name": "VDB-352373 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.774778", "name": "Submit #774778 | Flos Freeware Notepad2 4.2.25 Uncontrolled Search Path - DLL Hijacking with TextShaping.dll", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/file/d/1w5-ztNIN28mPuidtjlsilKsKKQQNOiIJ/view", "tags": ["related"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:15:15.911646Z", "id": "CVE-2026-4546", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:39:39.426Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Flos Freeware Notepad2 TextShaping.dll uncontrolled search path", "credits": [{"lang": "en", "type": "reporter", "value": "haehanse (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6, "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR"}}], "affected": [{"vendor": "Flos Freeware", "product": "Notepad2", "versions": [{"status": "affected", "version": "4.2.25"}]}], "timeline": [{"lang": "en", "time": "2026-03-21T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-21T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-21T17:49:11.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.352373", "name": "VDB-352373 | Flos Freeware Notepad2 TextShaping.dll uncontrolled search path", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.352373", "name": "VDB-352373 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.774778", "name": "Submit #774778 | Flos Freeware Notepad2 4.2.25 Uncontrolled Search Path - DLL Hijacking with TextShaping.dll", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/file/d/1w5-ztNIN28mPuidtjlsilKsKKQQNOiIJ/view", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The attack is restricted to local execution. The attack requires a high level of complexity. The exploitability is said to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "Uncontrolled Search Path"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-426", "description": "Untrusted Search Path"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-22T13:02:40.125Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4546", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T16:15:15.911646Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-23T16:15:21.646Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-4546", "state": "PUBLISHED", "dateUpdated": "2026-03-22T13:02:40.125Z", "dateReserved": "2026-03-21T16:44:04.131Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-22T13:02:40.125Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flos-freeware:notepad2:4.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "7F9353EF-AE2A-46D0-A3D9-0368BD060444", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The attack is restricted to local execution. The attack requires a high level of complexity. The exploitability is said to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha identificado una debilidad en Flos Freeware Notepad2 4.2.25. Esto afecta a una funci\u00f3n desconocida en la biblioteca TextShaping.dll. La ejecuci\u00f3n de una manipulaci\u00f3n puede conducir a una ruta de b\u00fasqueda incontrolada. El ataque est\u00e1 restringido a la ejecuci\u00f3n local. El ataque requiere un alto nivel de complejidad. Se dice que la explotabilidad es dif\u00edcil. El proveedor fue contactado tempranamente sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2026-4546", "lastModified": "2026-04-30T14:25:11.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:34.383", "references": [{"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://drive.google.com/file/d/1w5-ztNIN28mPuidtjlsilKsKKQQNOiIJ/view"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.352373"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.352373"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.774778"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}, {"lang": "en", "value": "CWE-427"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.2.25"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Notepad2", "source": "cna", "vendor": "Flos Freeware"}, "product": "notepad2", "vendor": "flos_freeware"}], "analysis": {"en": {"generated_at": "2026-03-22T14:45:35.703166+00:00", "value": {"mitigation_remediation": ["Check with the vendor for an official patch or newer version of Notepad2 that addresses the TextShaping.dll issue.", "If no patch is available, avoid running Notepad2 on systems where untrusted or unknown files may be accessed, and limit the installation to trusted users only.", "Consider switching to an alternative text editor that does not expose this flaw.", "If possible, restrict the DLL directory by using group policy or file system permissions to prevent the application from loading DLLs from non\u2011trusted locations."], "summary": {"action": "Immediate Patch", "impact": "Local Code Execution via Uncontrolled Search Path"}, "threat_synthesis": {"affected_systems": "The affected product is Flos Freeware Notepad2, version 4.2.25. No other versions are listed as vulnerable in the available data.", "description_and_impact": "A flaw in the library TextShaping.dll of Flos Freeware Notepad2 allows a local user to manipulate the DLL search order, potentially causing the application to load a malicious DLL instead of the intended one. This can lead to arbitrary code execution with the privileges of the user running the application. The vulnerability is classified as a high severity problem because it gives an attacker control over the execution path without any network access. The weakness falls under CWE\u2011426 (Untrusted Search Path) and CWE\u2011427 (Uncontrolled Search Path).", "risk_and_exploitability": "The CVSS score of 7.3 indicates a high risk to confidentiality, integrity, and availability for the local machine. Exploitation requires a high level of complexity and is considered difficult, and the attack vector is limited to local execution only. Because the vulnerability is not in the CISA KEV catalog and no EPSS score is available, the likelihood of widespread exploitation remains uncertain, but the potential impact for any affected system is significant."}}}}, "created": "2026-03-23T09:46:30.804358+00:00", "updated": "2026-03-25T14:46:29.703083+00:00", "vendors": ["flos_freeware", "flos_freeware$PRODUCT$notepad2"]}