Microsoft has released a security update to fix a serious problem in its Notepad app. This comes just a day after Notepad++, a popular alternative, revealed that its systems were hacked by a Chinese threat actor.
The flaw, identified as CVE-2026-20841, has a high severity rating of 8.8 out of 10.
Microsoft explained that the vulnerability allowed attackers to trick users into clicking a malicious link in a Markdown file opened in Notepad. Doing so could make the app run unsafe processes that download and execute harmful files on the user’s computer.
In simple terms, if a user opened a specially created Markdown file and clicked the malicious link, attackers could gain full access to their system.
Microsoft strongly recommends updating Notepad immediately to protect your device from potential attacks.