CVE-2026-2538

Summary

A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
Flos FreewareNotepad24.2.22affected
Flos FreewareNotepad24.2.23affected
Flos FreewareNotepad24.2.24affected
Flos FreewareNotepad24.2.25affected

Weaknesses

  • CWE-427: Uncontrolled Search Path
  • CWE-426: Untrusted Search Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References