According to a notice from Microsoft, the vulnerability coded CVE-2026-20841 is rated as highly serious, with a score of 8.8/7.7 on the CVSS scale (an open industry standard system, used to assess and quantify the severity of software/hardware security vulnerabilities).
This vulnerability allows the attacker to trick users into clicking on malicious links inserted in the Markdown file opened with Notepad.
At that time, the application can launch unverified protocols, download and execute files remotely.
In other words, hackers can create a Markdown file containing malicious links. If users accidentally click on it, the malware can be downloaded and run on the system, thereby paving the way for controlling devices, stealing data or installing spyware.
The vulnerability has been fixed in the Patch Tuesday February 2026 update. Microsoft recommends Windows users quickly install the latest patch to ensure safety.
The company also said that at the time of announcement, no cases of this vulnerability being exploited publicly have been recorded.
Notably, the incident occurred just one day after the developer of Notepad++ (a popular alternative word processor) announced that their infrastructure was hacked, raising concerns about the security of word processing tools.
Previously, Notepad was just a simple offline text editor. However, since May last year, Microsoft has redesigned the application, adding Markdown support and online features.
In particular, Notepad can now connect to the internet to serve the Microsoft Copilot AI assistant.
This feature expansion makes many users wonder whether a basic word processor needs to access the network regularly?
In recent years, Microsoft has faced considerable criticism for integrating Copilot and AI tools into core applications such as Notepad or Paint.
However, security experts emphasize that the biggest risk does not lie in the application itself but in users' lack of vigilance against strange files and links.
Frequent system updates are still the most important measure to protect devices from increasingly sophisticated threats.
