Microsoft has patched a serious security flaw in Notepad that could have allowed attackers to trick users into clicking malicious links embedded in Markdown files.
According to Microsoft’s February Patch Tuesday notes, the vulnerability could be exploited to trigger remote code execution by launching unverified protocols when a user clicks a crafted link inside a Markdown document opened in Notepad.
The issue, tracked as CVE-2026-20841, would have enabled attackers to remotely load and execute malicious files on a victim’s computer. While Microsoft says it has not seen evidence of the flaw being actively exploited in the wild, the company released a fix as part of its regular security updates to prevent potential abuse.
Microsoft added Markdown support to Notepad on Windows 11 last year, allowing users to view formatted text inside what has traditionally been a simple plain-text editor. That change drew criticism from some users who argued Microsoft was overloading basic apps with extra features and AI-related functionality.
Notepad is not the only text editor to face security scrutiny recently. The popular third-party editor Notepad++ also warned users earlier this year that some downloads may have been compromised through a malicious update linked to suspected Chinese state-sponsored attackers.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
