Microsoft fixes Notepad flaw that could trick users into clicking malicious Markdown links
Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer.

Microsoft has fixed a serious security vulnerability affecting Markdown files in Notepad. In the company’s Tuesday patch notes, Microsoft says a bad actor could carry out a remote code execution attack by tricking users “into clicking a malicious link inside a Markdown file opened in Notepad,” as reported earlier by The Register.


Clicking the link would “launch unverified protocols,” allowing attackers to remotely load and execute malicious files on a victim’s computer, according to the patch notes. Microsoft says there isn’t any evidence of attackers exploiting the Notepad vulnerability (CVE-2026-20841) in the wild, but it issued a fix for the flaw in its Tuesday patch.
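
A defender-side check for the link behavior described above, added here as an illustration and not taken from Microsoft's patch notes or this article: it lists Markdown link targets whose URI scheme falls outside an allowlist, so a file can be triaged before anyone opens it. The allowlist, the sample document and the `example-handler` schemes are constructed assumptions.

```python
import re

# Assumption: schemes a reviewer expects in ordinary documentation links.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Inline links [text](target), reference definitions [id]: target, autolinks <scheme:...>
INLINE = re.compile(r"\[[^\]]*\]\(\s*<?([^)\s>]+)")
REFDEF = re.compile(r"^[ ]{0,3}\[[^\]]+\]:[ \t]*<?([^\s>]+)", re.M)
AUTOLINK = re.compile(r"<([A-Za-z][A-Za-z0-9+.\-]*:[^\s<>]*)>")
SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

# Constructed sample; the example-handler schemes are placeholders, not real protocols.
SAMPLE = """\
# Release notes (constructed sample)
See the [changelog](https://example.com/changelog) or [mail us](mailto:team@example.com).
Install via [this helper](example-handler://run?arg=1).
Upper case is still web: [site](HTTPS://example.com/)
Autolink: <example-handler2:open>
[docs]: ./docs/index.md
[ref]: example-handler://other "title"
"""


def link_targets(markdown):
    """Yield (line_number, target) for every link target found in the text."""
    for pattern in (INLINE, REFDEF, AUTOLINK):
        for m in pattern.finditer(markdown):
            line = markdown.count("\n", 0, m.start(1)) + 1
            yield line, m.group(1)


def unexpected_links(markdown, allowed=ALLOWED_SCHEMES):
    """Return sorted (line, scheme, target) for links whose scheme is not allowed."""
    findings = set()
    for line, target in link_targets(markdown):
        m = SCHEME.match(target)
        if not m:
            continue  # relative path or fragment: no URI scheme to check
        scheme = m.group(1).lower()  # URI schemes are case-insensitive
        if scheme not in allowed:
            findings.add((line, scheme, target))
    return sorted(findings)


if __name__ == "__main__":
    for line, scheme, target in unexpected_links(SAMPLE):
        print(f"line {line}: unexpected scheme '{scheme}' in {target}")
```
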
Microsoft initially added support for Markdown, a plaintext formatting language, to Notepad on Windows 11 last May. The move contributed to criticism that Microsoft is filling its operating system with bloatware, including by stuffing new features and AI capabilities into apps like Notepad and Paint.
Notepad isn’t the only text editor that has faced security issues recently, as the third-party Notepad++ app disclosed that some users may have downloaded a malicious update linked to Chinese state-sponsored attackers.