Notepad’s new Markdown powers served with a side of RCE

By Connor Jones
Publication Date: 2026-02-11 11:31:00

Just months after Microsoft added Markdown support to Notepad, researchers have found the feature can be abused to achieve remote code execution (RCE).

Tracked as CVE-2026-20841 (8.8), the vulnerability was addressed in the Windows maker’s most recent Patch Tuesday fixes.

The flaw misses out on the top severity scores as it requires a little social engineering in order to get it working, but from there it’s plain sailing for an attacker.

When we say “social engineering,” it’s not the super sophisticated stuff like the dark art practised by Scattered Spider. It’s more just tricking people into opening untrusted links.

There are ample email security protections…