Flos Freeware Notepad2 Msimg32.dll uncontrolled search path_CVE-2026-2538

7.3 / 10

HIGH

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

Description

A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-2538

Source VulDB

Published Feb 16, 2026 at 06:02

Affected Product

Vendor Flos Freeware

Product Notepad2

Version 4.2.22

Affected Versions Flos Freeware Notepad2 4.2.22
Flos Freeware Notepad2 4.2.23
Flos Freeware Notepad2 4.2.24
Flos Freeware Notepad2 4.2.25

CWE Classification

CWE-427 CWE-426

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-02-16T06:02:06.344Z",
    "modified": "2026-02-16T06:02:06.344Z",
    "type": "cve",
    "title": "Flos Freeware Notepad2 Msimg32.dll uncontrolled search path",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346126\nhttps://vuldb.com/?ctiid.346126\nhttps://vuldb.com/?submit.749345\nhttps://github.com/Cyber-Wo0dy/report/blob/main/notepad2/4.2.25/notepad2_dll_hijacking.md",
    "id": "CVE-2026-2538",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427",
        "CWE-426"
    ],
    "cvelist": null,
    "sourceData": "Flos Freeware Notepad2 4.2.22\nFlos Freeware Notepad2 4.2.23\nFlos Freeware Notepad2 4.2.24\nFlos Freeware Notepad2 4.2.25",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Notepad2",
    "version": "4.2.22",
    "vendor": "Flos Freeware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}