I believe Markdown support is what led to CVE-2026-20841 earlier this month. 20260211

password4321 • yesterday at 9:21 PM • 2 replies • view on HN

I believe Markdown support is what led to CVE-2026-20841 earlier this month.

20260211 https://news.ycombinator.com/item?id=46971516 Windows Notepad App Remote Code Execution Vulnerability (804 points, 516 comments)

20260210 https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...

> "An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad"

Other recent Notepad issues:

20260207 https://news.ycombinator.com/item?id=46927098 Microsoft account bugs locked me out of Notepad – Are thin clients ruining PCs? (187 points, 284 comments)

20260127 https://news.ycombinator.com/item?id=46780451 Windows 11 January Update Breaks Notepad (60 points, 25 comments)

Replies

j2kun • yesterday at 9:27 PM

This is my favorite part of this story. Do you want remote code execution? Because [fixing things that aren't broken] is how you get remote code execution.

➕ show 4 replies

WithinReason • yesterday at 9:51 PM

It was already true that an attacker could trick a user into copying a malicious link inside a file opened in Notepad to their browser, was that also a Remote Code Execution Vulnerability?

➕ show 2 replies

alt Hacker News

Replies