Thanks to Microsoft adding all those extra features to Notepad, it now unfortunately sports one more: An exploitation vulnerability with a high security rating

A screenshot of Windows Notepad, demonstrating the use of tables, as created by Microsoft — (Image credit: Microsoft)

For over four decades, Windows Notepad has been the basic text editor of choice for many a discerning PC user. In recent years, though, Microsoft has been steadily adding all kinds of features to it, turning it from a barebones word processor into something decidedly more complex. Unfortunately, the addition of formatting and tables now includes one more feature: a remote code execution vulnerability that could let hackers run all kinds of nasty stuff on your PC.

Microsoft acknowledges the issue in its security update guide, snappily labelled as CVE-2026-20841. With a common vulnerability base score of 8.8 and temporal score of 7.7, it's rated as a 'high' security problem.

Like so many vulnerabilities of this kind, the computer would need to be connected to a network for the attacker to gain remote access, and it would only trigger if the user opened the Markdown file and then clicked on the link inside it. You'd think that this would mean that almost nobody would be affected by the problem, but the fact that cybercrime is such a problem these days just shows how many folks would be at risk.

If you're wondering what Markdown is, it's a simple markup language that can be used to translate basic text into HTML, and it's what Microsoft uses to give Notepad the ability to add tables and formatting (e.g. bold or italic) to a text document. If you've ever used an app where you've added two asterisks before a word to make it go bold, then you're probably using Markdown to do this. Well, the app is, but you get what I mean.

A screenshot of Windows Notepad, demonstrating the AI streaming ability of Copilot, as created by Microsoft — Notepad also has a Copilot feature, as well as Markdown support, but at least that's secure. Hopefully. (Image credit: Microsoft)

This security vulnerability isn't an issue with Markdown itself, just how Notepad renders it, but exactly how Microsoft will fix this isn't clear at this stage. For now, though, you can avoid the problem entirely by sticking to some important procedures: Do not download any file that you can't verify the integrity of its source and never click on a random link.

The good news is that there is currently no known exploitation of this vulnerability doing the rounds out in the wild, and even if there was, it's pretty straightforward to avoid putting your PC into harm's way. But given the simplicity of the hack, you'd think that Microsoft would have already thought about the possibility of it before going all willy-nilly with expanding Notepad's feature set.

Best gaming rigs 2026

1. Best gaming laptop: Razer Blade 16

2. Best gaming PC: HP Omen 35L

3. Best handheld gaming PC: Lenovo Legion Go S SteamOS ed.

4. Best mini PC: Minisforum AtomMan G7 PT

5. Best VR headset: Meta Quest 3

👉Check out our list of guides👈

TOPICS

Nick, gaming, and computers all first met in the early 1980s. After leaving university, he became a physics and IT teacher and started writing about tech in the late 1990s. That resulted in him working with MadOnion to write the help files for 3DMark and PCMark. After a short stint working at Beyond3D.com, Nick joined Futuremark (MadOnion rebranded) full-time, as editor-in-chief for its PC gaming section, YouGamers. After the site shutdown, he became an engineering and computing lecturer for many years, but missed the writing bug. Cue four years at TechSpot.com covering everything and anything to do with tech and PCs. He freely admits to being far too obsessed with GPUs and open-world grindy RPGs, but who isn't these days?

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.