Skip to content
/ CVE-2026-20841 Public

PoC for a remote code execution flaw in Windows Notepad's markdown renderer. The markdown engine does not restrict URL protocols, allowing arbitrary protocol handlers to be triggered via clickable links

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SecureWithUmer/CVE-2026-20841

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
poc_1.png
poc_1.png
 
 
poc_2.png
poc_2.png
 
 

Repository files navigation

CVE-2026-20841 - Windows Notepad RCE

PoC for a remote code execution flaw in Windows Notepad's markdown renderer. The markdown engine does not restrict URL protocols, allowing arbitrary protocol handlers to be triggered via clickable links.

Disclaimers

  1. Not my discovery. Credit goes to the original researchers on the MSRC advisory. This is a PoC recreation.
  2. Lower severity than it sounds. Requires more than one click in most cases (see Limitations).

PoC

Local Binary Execution (file://)

[click](file://C:/windows/system32/cmd.exe)

Launches any executable already on disk — cmd.exe, powershell.exe, mshta.exe, etc.

step 1.

step 2.

Notes

  • Vulnerable Notepad builds are on Uptodown. Verify the digital signature before use.
  • Test only in a VM.

Stay safe!

About

PoC for a remote code execution flaw in Windows Notepad's markdown renderer. The markdown engine does not restrict URL protocols, allowing arbitrary protocol handlers to be triggered via clickable links

Topics

exploit notepad cve windows-notepad command-injection 2026 cve-2026-20841 notepad-vulnerability notepad-exoploit securewithumer

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 1