CVE-2026-38972
Low risk· EPSS 8%Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
Notepad3 up to version 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path. The application calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, allowing a local attacker to place a malicious MSFTEDIT.DLL in the application directory or another preferred DLL search location and achieve arbitrary code execution in the user's context when the About dialog is opened.
Risk Assessment
The risk is that a local attacker can execute arbitrary code in the victim's context, potentially leading to data theft, malware installation, or privilege escalation on the system.
Recommendation
It is recommended to immediately update Notepad3 to a version newer than 6.25.822.1 that fixes this vulnerability. Until updated, avoid opening the About dialog in untrusted environments.
Original NVD description (English source)
Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or another preferred DLL search location and achieve arbitrary code execution in the context of the user when the About dialog is opened.

