CVE-2026-48770
MEDIUMNotepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-48770. PoCs published by atiilla.
AI-analyzed exploit summary This repository contains functional proof-of-concept exploits for three Notepad++ vulnerabilities (CVE-2026-48770, CVE-2026-48778, CVE-2026-48800), including an OOB read crash via WM_COPYDATA and two RCE vulnerabilities via command injection in config.xml and shortcuts.xml.
Description
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WM_COPYDATA message to Notepad++ using the COPYDATA_FULL_CMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded NUL-terminated wchar_t* instead of enforcing COPYDATASTRUCT.cbData. This vulnerability is fixed in 8.9.6.1.
Exploits (1)
This repository contains functional proof-of-concept exploits for three Notepad++ vulnerabilities (CVE-2026-48770, CVE-2026-48778, CVE-2026-48800), including an OOB read crash via WM_COPYDATA and two RCE vulnerabilities via command injection in config.xml and shortcuts.xml.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H