{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4744", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T03:25:50.464Z", "datePublished": "2026-03-24T03:26:11.751Z", "dateUpdated": "2026-03-24T14:32:51.908Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T03:26:11.751Z"}, "title": "Notepad3 Bundled Oniguruma compile_string_node() Heap Buffer Overflow via Crafted Regex Pattern Allows Arbitrary Code Execution", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "type": "CWE"}]}], "affected": [{"vendor": "rizonesoft", "product": "Notepad3", "collectionURL": "https://github.com/rizonesoft/Notepad3", "modules": ["\u200escintilla/oniguruma/src"], "programFiles": ["regcomp.c\u200e"], "versions": [{"status": "affected", "version": "0", "lessThan": "6.25.714.1", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in rizonesoft Notepad3 (\u200escintilla/oniguruma/src modules). This vulnerability is associated with program files regcomp.C\u200e.\n\nThis issue affects Notepad3: before 6.25.714.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Out-of-bounds Read vulnerability in rizonesoft Notepad3 (\u200escintilla/oniguruma/src modules).<p> This vulnerability is associated with program files regcomp.C\u200e.</p><p>This issue affects Notepad3: before 6.25.714.1.</p>"}]}], "references": [{"url": "https://github.com/rizonesoft/Notepad3/pull/5392", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "ATTACKED", "Safety": "NEGLIGIBLE", "Automatable": "NO", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "LOW", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:N/AU:N/R:U/V:D/RE:L/U:Amber"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:32:43.936281Z", "id": "CVE-2026-4744", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:32:51.908Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4744", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T14:32:43.936281Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:32:47.718Z"}}], "cna": {"title": "Notepad3 Bundled Oniguruma compile_string_node() Heap Buffer Overflow via Crafted Regex Pattern Allows Arbitrary Code Execution", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 9.3, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:N/AU:N/R:U/V:D/RE:L/U:Amber", "exploitMaturity": "ATTACKED", "providerUrgency": "AMBER", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "rizonesoft", "modules": ["\u200escintilla/oniguruma/src"], "product": "Notepad3", "versions": [{"status": "affected", "version": "0", "lessThan": "6.25.714.1", "versionType": "git"}], "programFiles": ["regcomp.c\u200e"], "collectionURL": "https://github.com/rizonesoft/Notepad3", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/rizonesoft/Notepad3/pull/5392", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in rizonesoft Notepad3 (\u200escintilla/oniguruma/src modules). This vulnerability is associated with program files regcomp.C\u200e.\n\nThis issue affects Notepad3: before 6.25.714.1.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Read vulnerability in rizonesoft Notepad3 (\u200escintilla/oniguruma/src modules).<p> This vulnerability is associated with program files regcomp.C\u200e.</p><p>This issue affects Notepad3: before 6.25.714.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T03:26:11.751Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4744", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:32:51.908Z", "dateReserved": "2026-03-24T03:25:50.464Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T03:26:11.751Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in rizonesoft Notepad3 (\u200escintilla/oniguruma/src modules). This vulnerability is associated with program files regcomp.C\u200e.\n\nThis issue affects Notepad3: before 6.25.714.1."}, {"lang": "es", "value": "Vulnerabilidad de lectura fuera de l\u00edmites en rizonesoft Notepad3 (m\u00f3dulos scintilla/oniguruma/src). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa regcomp.C.\n\nEste problema afecta a Notepad3: antes de 6.25.714.1."}], "id": "CVE-2026-4744", "lastModified": "2026-03-24T15:53:48.067", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "ATTACKED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T04:17:32.880", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/rizonesoft/Notepad3/pull/5392"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,6.25.714.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Notepad3", "source": "cna", "vendor": "rizonesoft"}, "product": "notepad3", "vendor": "rizonesoft"}], "analysis": {"en": {"generated_at": "2026-03-24T04:20:20.364488+00:00", "value": {"mitigation_remediation": ["Upgrade Notepad3 to version 6.25.714.1 or later.", "If an upgrade is not immediately possible, refrain from opening untrusted files that contain regular expressions or temporarily disable Notepad3 until a patch is applied.", "Monitor the vendor\u2019s website or advisories for updates and apply any new releases promptly."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is Notepad3 from Rizonesoft. Versions prior to 6.25.714.1 are vulnerable. No other vendors or versions are referenced. Users of earlier builds should verify their version and consider upgrading.", "description_and_impact": "This vulnerability is an out\u2011of\u2011bounds read in Notepad3\u2019s regex engine, leading to a heap buffer overflow when a crafted regular expression is compiled. The overflow permits an attacker to execute arbitrary code, potentially taking full control of the affected system. The weakness corresponds to CWE\u2011125, which describes incorrect handling of memory read boundaries. The impact is that a local user or a malicious document can compromise confidentiality, integrity, and availability of the host machine.", "risk_and_exploitability": "The CVSS score of 9.3 indicates a high risk, with the potential for complete system compromise. The EPSS score is not available, but the lack of a KEV listing does not lower the threat; the flaw remains exploitable under local conditions. The likely attack vector is local exploitation via a malicious file that contains a regex pattern engineered to trigger the overflow. Attackers would need to get the application to process the crafted pattern, which could be achieved by opening a doctored file or link. Consequently, the risk remains significant until the application is updated."}}}}, "created": "2026-03-24T10:29:09.905408+00:00", "updated": "2026-03-25T20:40:15.405664+00:00", "vendors": ["rizonesoft", "rizonesoft$PRODUCT$notepad3"]}