CVE-2026-46710 HIGH

CVE-2026-46710: Notepad++: Privilege Escalation in the Installer via Uncontrolled Executable Search Path

Vendor Notepad-Plus-Plus
Product notepad-plus-plus
Weakness CWE-426
Published June 26, 2026
Last update June 29, 2026

CVSS base score

7.5/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the installation contextMenu directory. If an attacker can pre-place a malicious powershell.exe in a user-writable custom installation directory, and a privileged user later runs the installer and selects that directory, the attacker-controlled executable is launched with the elevated privileges of the installer. This vulnerability is fixed in 8.9.6.

Key dates

02Disclosure timeline

June 26, 2026 CVE published
June 29, 2026 Record updated