HIGH
notepad-plus-plus
CVE published 2026-06-26
CVE-2026-46710
Notepad++ versions 8.9.4 through 8.9.6 contain a local privilege escalation vulnerability. The installer invokes powershell.exe without using an absolute path after setting the working directory to the installation contextMenu directory. If an attacker can pre-place a malicious powershell.exe in a user-writable custom installation directory, and a privileged user later runs the installer and selects that [truncated]