ByteOS Network

Notepad++

Source -

CISACNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-3008

Assigner-5f57b9bf-260d-4433-bf07-b6a79e9bb7d4

View Details

Assigner-5f57b9bf-260d-4433-bf07-b6a79e9bb7d4

CVSS Score-6.6||MEDIUM

EPSS-Not Assigned

Published-27 Apr, 2026 | 06:04

Updated-27 Apr, 2026 | 10:16

Vulnerability in Notepad++

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.

Vendor-Notepad++

Product-Notepad++

CVE-2025-15556

Assigner-VulnCheck

View Details

Assigner-VulnCheck

CVSS Score-7.7||HIGH

EPSS-6.09% / 90.80%

7 Day CHG~0.00%

Published-03 Feb, 2026 | 00:50

Updated-05 Mar, 2026 | 01:29

Known KEV||Action Due Date - 2026-03-05||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting in arbitrary code execution with the privileges of the user.

Vendor-notepad-plus-plus notepad-plus-plus Notepad++

Product-notepad\+\+notepad-plus-plus Notepad++

CWE ID-CWE-494

Download of Code Without Integrity Check