{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-5525","assignerOrgId":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","state":"PUBLISHED","assignerShortName":"securin","dateReserved":"2026-04-04T05:59:46.561Z","datePublished":"2026-04-10T07:40:59.902Z","dateUpdated":"2026-04-10T12:49:59.124Z"},"containers":{"cna":{"providerMetadata":{"orgId":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","shortName":"securin","dateUpdated":"2026-04-10T07:40:59.902Z"},"title":"Stack-Based Buffer Overflow in Notepad++ File Drop Handler leads to DoS","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-121","description":"CWE-121: Stack-based Buffer Overflow","type":"CWE"}]}],"affected":[{"vendor":"Notepad++ Project","product":"Notepad++","versions":[{"status":"affected","version":"8.9.3"},{"status":"unaffected","version":"8.9.4"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN).","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. \nWhen a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN).</p>"}]}],"references":[{"url":"https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921"},{"url":"https://github.com/notepad-plus-plus/notepad-plus-plus/pull/17930"},{"url":"https://github.com/notepad-plus-plus/notepad-plus-plus/commit/bfe7514d68bc559534c046c4ef2d1865267aa2b0"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":6,"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"}}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.1"}},"adp":[{"references":[{"url":"https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-10T12:49:53.116510Z","id":"CVE-2026-5525","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-10T12:49:59.124Z"}}]}}