Home

Description

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.

PUBLISHED Reserved 2026-02-23 | Published 2026-04-27 | Updated 2026-04-27 | Assigner CSA




MEDIUM: 6.6CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Product status

Default status
unaffected

8.9.3
affected

References

github.com/llgsjsm/cve-2026-3008 exploit

www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-044/

community.notepad-plus-plus.org/...-v8-9-4-release-candidate

github.com/llgsjsm/cve-2026-3008

llgsjsm.github.io/cve-2026-3008/

github.com/notepad-plus-plus/notepad-plus-plus/issues/17960

cve.org (CVE-2026-3008)

nvd.nist.gov (CVE-2026-3008)

Download JSON