this post was submitted on 12 Feb 2026
310 points (98.7% liked)

Technology

81078 readers
5090 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
310
Microsoft's Notepad Got Pwned (They Added AI To It, So...) (foss-daily.org)
submitted 1 day ago by themachinestops@lemmy.dbzer0.com to c/technology@lemmy.world
38 comments fedilink hide all child comments
 

Remember when Notepad was just… Notepad? A simple text editor nobody asked to be modernized?

Yeah, Microsoft didn’t care either. They bolted on Markdown support and AI features anyway. And now we’ve got CVE-2026-20841. Remote code execution. Via a text file. This is the kind of thing that makes you go “oh come on, really?”

you are viewing a single comment's thread
view the rest of the comments
[–] thisbenzingring@lemmy.today 3 points 1 day ago (1 children)

the browser knows its opening links and has a code base on how to do that

notepad isn't suppost to fetch data when the file it opens contains code that acts like a link

[–] pycorax@sh.itjust.works 1 points 13 hours ago (1 children)

Does it not invoke the browser to do it? The article and associated pages don't really go into how the whole flow it works.

[–] thisbenzingring@lemmy.today 1 points 12 hours ago* (last edited 12 hours ago)

https://nvd.nist.gov/vuln/detail/CVE-2026-20841 this page would contain the best details on the CVE, there is a link to a forum discussing it

I don't know for sure but I suspect it is like many of the other types of exploits where someone makes a normal looking URL but inside of it hides conditions that makes whatever is inspecting the URL to know that it should open in the web browser do something before it opens the web browser. Like before it starts the web browser does it it tells it to download some code and run it and that code then hijacks your "system" because the system service is running the code