Windows 11 Notepad Flaw Let Files Execute Silently via Markdown Links
Microsoft has patched a high-severity vulnerability in Windows 11's Notepad that allowed attackers to silently execute local or remote programs when a user clicked a specially crafted Markdown link, all without triggering any Windows security warning.
The flaw, tracked as CVE-2026-20841 and fixed in the February 2026 Patch Tuesday update, stemmed from Notepad's relatively new Markdown support -- a feature Microsoft added after discontinuing WordPad and rewriting Notepad to serve as both a plain text and rich text editor. An attacker only needed to create a Markdown file containing file:// links pointing to executables or special URIs like ms-appinstaller://, and a Ctrl+click in Markdown mode would launch them. Microsoft's fix now displays a warning dialog for any link that doesn't use http:// or https://, though the company did not explain why it chose a prompt over blocking non-standard links entirely. Notepad updates automatically through the Microsoft Store.
<a href="http://twitter.com/home?status=Windows+11+Notepad+Flaw+Let+Files+Execute+Silently+via+Markdown+Links%3A+https%3A%2F%2Ftech.slashdot.org%2Fstory%2F26%2F02%2F12%2F2111243%2F%3Futm_source%3Dtwitter%26utm_medium%3Dtwitter" rel="nofollow"><img src="https://a.fsdn.com/sd/twitter_icon_large.png"></a>
<a href="http://www.facebook.com/sharer.php?u=https%3A%2F%2Ftech.slashdot.org%2Fstory%2F26%2F02%2F12%2F2111243%2Fwindows-11-notepad-flaw-let-files-execute-silently-via-markdown-links%3Futm_source%3Dslashdot%26utm_medium%3Dfacebook" rel="nofollow"><img src="https://a.fsdn.com/sd/facebook_icon_large.png"></a>
at Slashdot.


Windows 11 Notepad Flaw Let Files Execute Silently via Markdown Links - Slashdot
Microsoft has patched a high-severity vulnerability in Windows 11

Windows 11 Notepad Flaw Let Files Execute Silently via Markdown Links - Slashdot
Microsoft has patched a high-severity vulnerability in Windows 11













