Main Vulnerability Database Exploits ID:12760 - Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Notepad++

ID:12760 - Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Notepad++

Published: June 5, 2026

Vulnerability identifier: #VU133403

Vulnerability risk: Medium

CVE-ID: N/A

CWE-ID: CWE-367

Exploitation vector: Remote access

Vulnerable software:
Notepad++

Link to public exploit:

https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-qm4c-qg8p-qfcr/#poc

Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition between HMAC validation and command execution. A remote user can execute arbitrary commands on the target system.

Remediation

Install updates from vendor's website.

ID:12760 - Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Notepad++

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human