Insufficient verification of data authenticity in Notepad++ - #VU137487
Published: July 14, 2026
Notepad++
Detailed vulnerability description
The vulnerability allows a local user to execute commands with elevated privileges.
The vulnerability exists due to insufficient verification of data authenticity in the shortcuts.xml macro processing path when loading an attacker-controlled shortcuts.xml through a settings directory consumed by an elevated Notepad++ instance. A local user can supply a crafted shortcuts.xml containing macros to execute commands with elevated privileges.
Exploitation is conditional on influencing the settings directory used by an elevated Notepad++ process and triggering the macro path.