{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5525", "assignerOrgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "state": "PUBLISHED", "assignerShortName": "securin", "dateReserved": "2026-04-04T05:59:46.561Z", "datePublished": "2026-04-10T07:40:59.902Z", "dateUpdated": "2026-04-10T12:49:59.124Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "shortName": "securin", "dateUpdated": "2026-04-10T07:40:59.902Z"}, "title": "Stack-Based Buffer Overflow in Notepad++ File Drop Handler leads to DoS", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE"}]}], "affected": [{"vendor": "Notepad++ Project", "product": "Notepad++", "versions": [{"status": "affected", "version": "8.9.3"}, {"status": "unaffected", "version": "8.9.4"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN).</p>"}]}], "references": [{"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921"}, {"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/pull/17930"}, {"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/bfe7514d68bc559534c046c4ef2d1865267aa2b0"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"}}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"references": [{"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T12:49:53.116510Z", "id": "CVE-2026-5525", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T12:49:59.124Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5525", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-10T12:49:53.116510Z"}}}], "references": [{"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T12:49:44.644Z"}}], "cna": {"title": "Stack-Based Buffer Overflow in Notepad++ File Drop Handler leads to DoS", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Notepad++ Project", "product": "Notepad++", "versions": [{"status": "affected", "version": "8.9.3"}, {"status": "unaffected", "version": "8.9.4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921"}, {"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/pull/17930"}, {"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/bfe7514d68bc559534c046c4ef2d1865267aa2b0"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN).", "supportingMedia": [{"type": "text/html", "value": "<p>A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN).</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "shortName": "securin", "dateUpdated": "2026-04-10T07:40:59.902Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5525", "state": "PUBLISHED", "dateUpdated": "2026-04-10T12:49:59.124Z", "dateReserved": "2026-04-04T05:59:46.561Z", "assignerOrgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "datePublished": "2026-04-10T07:40:59.902Z", "assignerShortName": "securin"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN)."}], "id": "CVE-2026-5525", "lastModified": "2026-04-13T15:02:06.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary"}]}, "published": "2026-04-10T08:16:26.067", "references": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "url": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/bfe7514d68bc559534c046c4ef2d1865267aa2b0"}, {"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "url": "https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921"}, {"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "url": "https://github.com/notepad-plus-plus/notepad-plus-plus/pull/17930"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921"}], "sourceIdentifier": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "8.9.3"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "8.9.4"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Notepad++", "source": "cna", "vendor": "Notepad++ Project"}, "product": "notepad++", "vendor": "notepad++"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "8.9.3"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "8.9.4"}}], "original": {"product": "Notepad++", "source": "cna", "vendor": "Notepad++ Project"}, "product": "notepad++", "vendor": "notepad-plus-plus"}], "analysis": {"en": {"generated_at": "2026-04-10T09:22:53.650156+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest Notepad++ release that contains the buffer overflow fix.", "Until the patch is applied, avoid dragging directories with a 259\u2011character path into Notepad++.", "Verify the installation of the updated version to ensure the vulnerability is mitigated."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Notepad++ project\u2019s product, Notepad++. Only version 8.9.3 is known to be impacted; later releases have reportedly patched the flaw.", "description_and_impact": "A stack-based buffer overflow exists in Notepad++ 8.9.3\u2019s file drop handler, triggered when a user drags and drops a directory path of exactly 259 characters without a trailing backslash. The application appends a backslash and null terminator without performing bounds checking, causing a stack overflow that leads to process termination (STATUS_STACK_BUFFER_OVERRUN). This results in a denial\u2011of\u2011service condition, allowing an attacker to crash Notepad++ when they control the path length and can execute the drop.", "risk_and_exploitability": "The CVSS score of 6.0 indicates moderate severity, and the EPSS value is not available. The defect is not listed in the CISA KEV catalog and appears to be exploitable only by local users able to perform a drag\u2011and\u2011drop operation. Consequently, the primary risk is a local denial of service to anyone operating Notepad++ on the affected system."}}}}, "created": "2026-04-10T09:26:26.065836+00:00", "updated": "2026-04-10T14:40:55.181353+00:00", "vendors": ["notepad++", "notepad++$PRODUCT$notepad++", "notepad-plus-plus", "notepad-plus-plus$PRODUCT$notepad++"]}