Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-38972

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or another preferred DLL search location and achieve arbitrary code execution in the context of the user when the About dialog is opened.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 4.6%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2026-38972


Contact Us

Shodan ® - All rights reserved