Home

Description

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.

PUBLISHED Reserved 2026-02-23 | Published 2026-04-27 | Updated 2026-04-27 | Assigner CSA




CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Product status

Default status
unaffected

8.9.3
affected

References

www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-044/

community.notepad-plus-plus.org/...-v8-9-4-release-candidate

github.com/llgsjsm/cve-2026-3008

llgsjsm.github.io/cve-2026-3008/

github.com/notepad-plus-plus/notepad-plus-plus/issues/17960

cve.org (CVE-2026-3008)

nvd.nist.gov (CVE-2026-3008)

Download JSON