Summary

Notepad++ version 8.9.4 patches a critical format string injection vulnerability (CVE-2026-3008) that allow attackers to crash the application or leak sensitive memory data via malicious language packs.

Take Action:

If you use Notepad++, update to version 8.9.4 immediately through the official website or built-in updater, especially if you use a non-English language pack. Only download language packs from the official Notepad++ source, never from forums or third-party sites.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines