CVE 10 CRITICAL

Vulnerability in Notepad++_CVE-2026-3008

April 27, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Successful exploitation of the
string injection vulnerability could allow an attacker to obtain memory address
information or crash the application.

AI Analysis

String injection vulnerability allowing an attacker to obtain memory address information or crash the application

Basic Information

ID CVE-2026-3008

Source CSA

Published Apr 27, 2026 at 06:04

Modified Apr 27, 2026 at 06:05

Affected Product

Vendor Notepad++

Product Notepad++

Version 8.9.3

Affected Versions Notepad++ Notepad++ 8.9.3

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Notepad++

Product Notepad++

Version 8.9.3

References

{
    "lastseen": "",
    "description": "Successful exploitation of the\nstring injection vulnerability could allow an attacker to obtain memory address\ninformation or crash the application.",
    "published": "2026-04-27T06:04:22.186Z",
    "modified": "2026-04-27T06:05:33.671Z",
    "type": "cve",
    "title": "Vulnerability in Notepad++",
    "source": "CSA",
    "references": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-044/\nhttps://community.notepad-plus-plus.org/topic/27500/notepad-v8-9-4-release-candidate\nhttps://github.com/llgsjsm/cve-2026-3008\nhttps://llgsjsm.github.io/cve-2026-3008/\nhttps://github.com/notepad-plus-plus/notepad-plus-plus/issues/17960",
    "id": "CVE-2026-3008",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Notepad++ Notepad++ 8.9.3",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Notepad++",
    "version": "8.9.3",
    "vendor": "Notepad++",
    "ai_description": "String injection vulnerability allowing an attacker to obtain memory address information or crash the application",
    "ai_severity": "Critical",
    "ai_vendor": "Notepad++",
    "ai_product": "Notepad++",
    "ai_version": "8.9.3",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply