Remember when Notepad was just… Notepad? A simple text editor nobody asked to be modernized?
Yeah, Microsoft didn’t care either. They bolted on Markdown support and AI features anyway. And now we’ve got CVE-2026-20841. Remote code execution. Via a text file. This is the kind of thing that makes you go “oh come on, really?”
That’s pretty much the problem. You know how to work around the issue. I know how to work around the issue. Institutional knowledge doesn’t and just opens the application just like they’ve always done. I resolved this one by associating .csv files with Notepad++ company wide. Now this is a mandated change so they’ll grumble and get on track.
The real issue I have with all this is changing data without consent. It’s like the new Notepad is malware all by itself, doesn’t even need remote exploits.
And hello fellow Linux user :)
Wasn’t notepad++ just compromised in a pretty major way?