Originally published at: Notepad++ path traversal bypass can execute commands without a prompt (CVE-2026-52884) - ToolsLib Blog
A Notepad++ advisory (CVE-2026-52884) describes a path traversal bypass that can execute commands without the editor’s usual confirmation dialog. Attack paths involve tampering with shortcuts.xml or redirecting the settings directory. Patch status is unclear; monitor the advisory and handle configuration files with care.