CVE-2026-5525
MEDIUM
6,0
Source: 33c584b5-0579-4c06-b2a0-8d8329fcab9c
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: none
Description
AI Translation Available
A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN).
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0001
Percentile
0,0th
Updated
EPSS Score Trend (Last 7 Days)
121
Stack-based Buffer Overflow
DraftCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Access Control
Other
Potential Impacts:
Modify Memory
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Execute Unauthorized Code Or Commands
Bypass Protection Mechanism
Other
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921
https://github.com/notepad-plus-plus/notepad-plus-plus/commit/bfe7514d68bc55953…
https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921
https://github.com/notepad-plus-plus/notepad-plus-plus/pull/17930