CVE-2026-5525EPSS p6.1%

CVE-2026-5525CVE-2026-5525

notepad-plus-plus / notepad\+\+

Description

A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN).

Scoring

CVSS 6.0 ()
VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
EPSS0.17% probability of exploitation · percentile 6.1% · 2026-06-19T12:03:05Z
Last modified2026-06-05

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-56383
CVE
Notepad++ Download of Code Without Integrity Check Vulnerability
CVE
CVE-2026-25749
CVE
CVE-2025-55089
CVE
CVE-2025-54910
CVE
Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.