CVE-2026-4545

HIGH

Flos Freeware Notepad2 PROPSYS.dll uncontrolled search path

Title source: cna

Description

A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The attack is only possible with local access. The attack is considered to have high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Vdb Entry] https://vuldb.com/?id.352372

[Signature, Permissions Required] https://vuldb.com/?ctiid.352372

[Third Party Advisory] https://vuldb.com/?submit.774752

Scores

CVSS v3 7.0

EPSS 0.0002

EPSS Percentile 5.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-426 CWE-427

Status published

Products (1)

Flos Freeware/Notepad2 4.2.25

Published Mar 22, 2026

Tracked Since Mar 22, 2026