Stack-based buffer overflow in Notepad++ - CVE-2026-54758
Published: July 14, 2026
Notepad++
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to stack-based buffer overflow in expandNppEnvironmentStrs when parsing a variable name in the Run dialog input. A remote attacker can trick the victim into processing a specially crafted variable reference to cause a denial of service.
User interaction is required to open the Run dialog and submit crafted input.