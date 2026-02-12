The Notepad flaw could allow attackers to exploit Markdown files to trigger unauthorized actions on Windows systems. (Express Photo)

Microsoft has rolled out a security update to patch a critical vulnerability in its Notepad app. The development comes just a day after the developer of Notepad++, a popular alternative to Microsoft’s app, revealed that its infrastructure had been compromised by a Chinese threat actor.

According to the tech giant, the security flaw dubbed CVE-2026-20841 had a severity rating of 8.8/7.7.

Microsoft said that the exploit allowed an attacker to “trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.”

This means that an attacker could use the security vulnerability to create a Markdown file containing a malicious link. If a user clicked on one of these links, the attack could launch, download and run malicious code and eventually gain full access to the system.