CVE-2026-4546

HIGH

Flos Freeware Notepad2 TextShaping.dll uncontrolled search path

Title source: cna

Description

A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The attack is restricted to local execution. The attack requires a high level of complexity. The exploitability is said to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Vdb Entry] https://vuldb.com/?id.352373

[Signature, Permissions Required] https://vuldb.com/?ctiid.352373

[Third Party Advisory] https://vuldb.com/?submit.774778

Scores

CVSS v3 7.0

EPSS 0.0001

EPSS Percentile 2.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-426 CWE-427

Status published

Products (1)

Flos Freeware/Notepad2 4.2.25

Published Mar 22, 2026

Tracked Since Mar 22, 2026