Microsoft notepad markdown security vulnerability remote code execution – Breaking News & Latest Updates 2026
Skip to main content
The homepageThe VergeThe Verge logo.
The homepageThe VergeThe Verge logo.

Microsoft fixes Notepad flaw that could trick users into clicking malicious Markdown links

Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer.

Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer.

by
STK109_WINDOWS_C
STK109_WINDOWS_C
Image: The Verge
Emma Roth
is a news writer who covers the streaming wars, consumer tech, crypto, social media, and much more. Previously, she was a writer and editor at MUO.

Microsoft has fixed a serious security vulnerability affecting Markdown files in Notepad. In the company’s Tuesday patch notes, Microsoft says a bad actor could carry out a remote code execution attack by tricking users “into clicking a malicious link inside a Markdown file opened in Notepad,” as reported earlier by The Register.

Clicking the link would “launch unverified protocols,” allowing attackers to remotely load and execute malicious files on a victim’s computer, according to the patch notes. Microsoft says there isn’t any evidence of attackers exploiting the Notepad vulnerability (CVE-2026-20841) in the wild, but it issued a fix for the flaw in its Tuesday patch.

Microsoft initially added support for Markdown, a plaintext formatting language, to Notepad on Windows 11 last May. The move contributed to criticism that Microsoft is filling its operating system with bloatware, including by stuffing new features and AI capabilities into apps like Notepad and Paint.

Notepad isn’t the only text editor that has faced security issues recently, as the third-party Notepad++ app disclosed that some users may have downloaded a malicious update linked to Chinese state-sponsored attackers.

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.

Most Popular

Most Popular
  1. Sony’s PlayStation 5 is $200 off for the first time since December
  2. Anthropic’s most dangerous AI model just fell into the wrong hands
  3. Elon Musk admits that millions of Tesla vehicles won’t get unsupervised FSD
  4. The unraveling of Dan Crenshaw
  5. I bought Alienware’s $350 OLED monitor and I can’t believe how good it is

More in Tech

Govee’s new colorful outdoor lights are its first with solar powerGovee’s new colorful outdoor lights are its first with solar power
Tim Cook’s departure is the start of a new era at AppleTim Cook’s departure is the start of a new era at Apple
Microsoft launches ‘vibe working’ in Word, Excel, and PowerPointMicrosoft launches ‘vibe working’ in Word, Excel, and PowerPoint
Honor’s new phones look like iPhones for AndroidHonor’s new phones look like iPhones for Android
Elon Musk admits that millions of Tesla vehicles won’t get unsupervised FSDElon Musk admits that millions of Tesla vehicles won’t get unsupervised FSD
X is going to let Grok curate your timelineX is going to let Grok curate your timeline

Top Stories