{"uuid": "900a0dde-1182-4fcb-a738-61fedee7c626", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2026-20841", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/6156", "content": "\u041d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u043e \u0442\u0430\u043a \u0431\u043b\u043e\u043a\u043d\u043e\u0442 \u0432 Windows \u0443\u043b\u0443\u0447\u0448\u0438\u043b\u0438\n\nWindows Notepad App Remote Code Execution Vulnerability\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841\n\nExecutive Summary\n\nImproper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.\n\nHow could an attacker exploit this vulnerability?\n\nAn attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.\n\nAccording to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?\n\nThe malicious code would execute in the security context of the user who opened the Markdown file, giving the attacker the same permissions as that user.", "creation_timestamp": "2026-02-11T20:10:23.000000Z"}