CVE-2026-48800 Bypass: Path Traversal Vulnerability Discovered in Notepad++ v8.9.6.1
By ringzeropirate
Summary
A security vulnerability (CVE-2026-48800 bypass) has been discovered in Notepad++ v8.9.6.1, the latest patched version. The vulnerability involves a path traversal and improper link resolution issue (CWE-42/CWE-59) that allows arbitrary code execution without user confirmation. The patch added isInTrustedDirectory() validation in Command::run() before calling ShellExecute(), but this validation does not properly prevent bypasses, leaving the software vulnerable to high-severity attacks (CVSS 7.8).
Key quotes
The CVE-2026-48800 patch adds isInTrustedDirectory() validation in Command::run() (RunDlg.cpp) before calling ShellExecute().
This function checks whether the resolved executable path is under a trusted directory.
The vulnerability: isInTrustedDirectory() does NO
