Microsoft has fixed a critical vulnerability in Notepad that could allow attackers to gain control of your computer.
Microsoft has released a critical security update for the Notepad program in Windows 11 to address a security vulnerability that allowed attackers to remotely execute malicious software and gain complete control over infected computers.
This vulnerability, identified as CVE-2026-20841, affects the Microsoft Store version of Notepad, specifically when working with Markdown files. The error occurs because the application fails to properly filter or remove certain special characters in specific commands, which could be exploited to execute unauthorized scripts.
According to Microsoft's security updates guide , an attacker can create a malicious Markdown file containing specially crafted links. If a user opens the file in Notepad and clicks on one of these links, a script can download and execute malware, giving the attacker complete control of the system.
The security vulnerability was fixed in the security update released on Tuesday, February 10, 2026. Microsoft recommends that all users install the latest Windows updates and keep their Notepad software up to date to protect against this type of threat.
The discovery of this security vulnerability has sparked debate about Microsoft's decision to equip Notepad with network connectivity features. Some users are questioning why a simple text editor requires a constant internet connection. Microsoft maintains that this connection is necessary to maintain the integration of Copilot with the editor, although the necessity of this feature remains a subject of discussion.
Although most cyberattacks tend to focus on more complex applications, this case illustrates that even basic tools like a text editor can become risk factors when given expanded permissions and capabilities.