PoC Released for Windows Notepad Vulnerability that Enables Malicious Command Execution

A proof-of-concept has been released for a Windows Notepad vulnerability (CVE-2026-20841) that allows malicious command execution by tricking users into opening a crafted Markdown file and clicking a link. Microsoft has patched this high-severity flaw in its February 2026 release, affecting Notepad versions 11.2508 and earlier.