Overview
- Microsoft
- Windows Notepad
Description
Statistics
- 75 Posts
- 2312 Interactions
Fediverse
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
Microsoft: I have made Notepad✨
Security researchers: You fucked up a perfectly good plaintext editor is what you did. Look at it. It's got RCEs.
"Windows Notepad App Remote Code Execution Vulnerability"
That's it: I'm going back to AppleWorks, on my Apple IIe.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
someone earlier today said "RCE in Notepad" and i was like "haha funny" and then someone ELSE said RCE in Notepad and then i was like youve gotta be fucking kidding me
"With AI, I can replace 20 software engineers with 1 'prompt engineer'"
A few months later: "plain text editor that was rewritten by AI to be more than that with RCE vulnerability".
(but congratulations to Microsoft for managing to put a remote execution vuln in something that should never have anything 'remote', like notepad)
Notepad.exe RCE Vulnerability 8.8
Are you shitting me?
maybe the real remote code execution vulnerability in Windows Notepad was the friends we made along the way
RE: https://tech.lgbt/@solonovamax/116049115040950367
https://www.cve.org/CVERecord?id=CVE-2026-20841
WHAT'S THE NETWORK ELEMENT in FUCKING NOTEPAD
WHAT BIT COULD IT BEEEEEEEE
edit: ahhh! the notepad thing might not be copilot. the bug is that a URL in a markdown file can actually be a sploit that runs stuff as the user. so this may not be an ai story. dammit.
Microsoft hat NOTEPAD.EXE jetzt erfolgreich kaputt gespielt.
Microsoft Windows 11 enshitification continues with its screwing up what was a perfectly functional text file editor - Notepad - adding layers of garbage on it and congratulations, Notepad, yes, bleeding Notepad now has a code execution vulnerability on it.
https://www.cve.org/CVERecord?id=CVE-2026-20841
It's only the Windows 11 Notepad they've screwed up - anyone on any earlier version, which for safety's sake should only be online if it is Windows 10 with the Extended Service Updates (new one just today), is fine.
microsoft: we have made a new notepad.exe
everyone else: you f***ed up a perfectly good text editor, is what you did. look at it. it's got RCE.
From the WTF department, sorry, I mean from Microsoft: an RCE in Notepad of all things. (Well, the new app with AI and stuff; not the old one.)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#Windows #sécurité
Oh misère, y'a même des failles RCE dans le Notepad de Windows ???
https://www.cve.org/CVERecord?id=CVE-2026-20841
lmao, it's 2026 and we have spaceships in the heliosphere, high-resolution images of Pluto and a permanent robotic presence, in orbit and on ground, on Mars.
plus remote code execution in fucking Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
A vulnerability in Notepad 🤦♂️
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Что ни день, то повод посмеяться над микрослопом.
Была обнаружена уязвимость, которая позволяет злоумышленникам запускать произвольный код на компьютере жертвы через БЛОКНОТ, сука. Серьёзность уязвимости помечена как ВЫСОКАЯ
🔥 Notepad colpito da vulnerabilità critica
Notepad in Windows 11 espone milioni di PC a un attacco remoto: la vulnerabilità CVE-2026-20841 sfrutta il supporto Markdown per eseguire codice malevolo con un semplice clic su un link
https://gomoot.com/notepad-di-windows-11-colpito-da-vulnerabilita-critica/
1976:
In fünfzig Jahren werden wir fliegende Autos haben.
2026:
Schwere Sicherheitslücke in ... Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
The year is 2026. Technology has progressed far. Too far, some would say, as they discover a RCE in fucking Notepad: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Windows Notepad.exe CVE announced today, looks like code can be made to run on your machine if you click a dodgy markdown link. People describing it online as remote code execution, which I don't think it is. Still pretty bad though! #cve #Microsoft #Windows11
https://www.cve.org/CVERecord?id=CVE-2026-20841
Notepad++: alcune mie versioni erano vulnerabili
MS Notepad: hold my beer
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
If there was ever a better time to leave #Windows than after #Microsoft started pushing AI and non-plaintext rendering into #Notepad causing #cve202620841 for #RCE then I'm not sure when a better time could be.
So yes, Microsoft did manage to enshittify notepad too: https://www.cve.org/CVERecord?id=CVE-2026-20841
A more-than-mature 30+ years old dumb utility to display text got rewritten to do "shtuff" and got pwned with a 8.8 CVSS.
Management, corporations and their demented KPIs should stay away from software.
Be sure to keep up with your text editor’s security updates, fellow Notepad users! I heard that vi fans are exploiting this in the wild to install ransomware on people’s computers. The ransomware won’t let you exit vi until you pay up https://www.cve.org/CVERecord?id=CVE-2026-20841
Falha crítica no Bloco de notas (CVE-2026-20841). Um invasor poderia colocar um link malicioso em um arquivo Markdown que, ao ser clicado pela vítima, executaria códigos remotamente. Quem mandou macular a simplicidade do Bloco de notas? Já tem correção disponível. https://www.cve.org/CVERecord?id=CVE-2026-20841&utm_medium=social&utm_source=manualdousuario
Remote Code Execution on notepad
FUCKING NOTEPAD
Microsoft, keep your claws out of the working code! Notepad does NOT need upgrades to be anything else than an entirely plain text editor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Really looking forward to the analysis of this remote code execution vulnerability in [checks notes] Windows Notepad
The Vibe-coding Era at Microsoft is going greaaaaaaaat.... https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
https://www.cve.org/CVERecord?id=CVE-2026-20841
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
Notepad
over a network
Kein Kommentar. Wäre nicht zitierfähig. Aber...
RCE im Notizblock?! Wie verstrahlt- uhm "vibed" ist das denn?!
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Remember when Microslop announced new AI-features in Notepad?
Well… Just as expected, RCEs are part of them.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
What is it, Microsoft shited their pants again lol :neofox_laugh_tears:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Even this page didn't load properly :neofox_laugh_tears:
#Microsoft #windows
8.8 severity vulnerability in Notepad. Everything is going great in the "30% of our code is written by AI" #Microsoft. https://www.cve.org/CVERecord?id=CVE-2026-20841
#CVE
Imagine being jail to an operating system where even the blast editor is vulnerable
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
https://www.cve.org/CVERecord?id=CVE-2026-20841
Keep contributing and funding alternatives for all of us.
Looks like the vibe coders at Microsoft forgot to add "don't introduce command injection vulnerabilities" to their prompts?
https://winbuzzer.com/2026/02/11/microsoft-patches-notepad-rce-vulnerability-cve-2026-20841-xcxwbn/
Microsoft Patches High-Severity Notepad Remote Code Execution Flaw
#Cybersecurity #MicrosoftNotepad #Microsoft #Windows #MicrosoftWindows #Windows11 #PatchTuesday #SecurityPatches #WindowsVulnerability #Vulnerability
Bluesky
Overview
Description
Statistics
- 7 Posts
- 48 Interactions
Fediverse
I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep inside…
The day the telnet died
On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing (telnet-wise) from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
*Donning a tinfoil hat…*
"On January 14, 2026, at approximately 21:00 UTC, something changed in the internet’s plumbing. The GreyNoise Global Observation Grid recorded a sudden, sustained collapse in global telnet traffic…
"Six days later, on January 20, the security advisory for CVE-2026-24061 hit oss-security."
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
2026-01-14: Il giorno in cui telnet morì
Il 14 gennaio 2026, il traffico #telnet globale osservato dai sensori di GreyNoise è crollato. Una riduzione sostenuta del 59%, diciotto ASN completamente silenziosi e cinque paesi completamente scomparsi dai nostri dati. Sei giorni dopo, la CVE-2026-24061 è scomparsa. La coincidenza è una delle possibili spiegazioni.
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
Bluesky
Overview
Description
Statistics
- 5 Posts
Fediverse
🔐 CVE-2026-21514
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
📊 CVSS Score: 7.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21514
🛡️ CWE: CWE-807
🔗 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514
A critical zero-day vulnerability in Microsoft Word, identified as CVE-2026-21514, has been disclosed. The flaw is being actively exploited in the wild.
https://cybersecuritynews.com/microsoft-office-word-0-day-vulnerability/
CVE-2026-21514: Actively Exploited Word Flaw Evades OLE Security https://www.esecurityplanet.com/threats/cve-2026-21514-actively-exploited-word-flaw-evades-ole-security/
Overview
Description
Statistics
- 3 Posts
- 7 Interactions
Fediverse
Microsoft has disclosed a zero-day vulnerability (CVE-2026-21513) in the MSHTML Framework that allows attackers to bypass security features and gain high-level access to affected systems. This critical vulnerability, with a CVSS score of 8.8, has a network-based attack vector and is already being exploited in the wild, necessitating immediate patching.
https://gbhackers.com/mshtml-framework-zero-day/
🔐 CVE-2026-21513
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21513
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513
Overview
Description
Statistics
- 3 Posts
- 3 Interactions
Fediverse
🐞 Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security // Het Mehta
「 CVE-2026-25049, a critical vulnerability with a CVSS score of 9.4 that let attackers execute arbitrary system commands on n8n servers. What makes this particularly interesting (and painful for n8n’s security team) is that this vulnerability bypassed a security fix they had just deployed two months earlier 」
Overview
Description
Statistics
- 2 Posts
- 1 Interaction
Fediverse
🔐 CVE-2026-21510
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
📊 CVSS Score: 8.8
⚠️ Severity: High
🚨 Exploited: true
📅 Published: 10.02.2026, 18:16
🏷️ Aliases: CVE-2026-21510
🛡️ CWE: CWE-693
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (secure@microsoft.com)
📚 References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510
Overview
- n8n-io
- n8n
Description
Statistics
- 2 Posts
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Overview
- jquery-validation
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
Should be a lot more! They don't organise frontend and npm vuln that way. This doesn't even mention JavaScript:
https://www.cve.org/CVERecord?id=CVE-2025-3573
The search relies on descriptions for which standard terms are "an ongoing area of research" 🧐
https://www.cve.org/ResourcesSupport/FAQs#pc_cve_list_basicssearch_cve
Overview
- Microsoft
- Azure AI Language Authoring
Description
Statistics
- 1 Post
Fediverse
🚨 CVE-2026-21531: Critical RCE in Azure AI Language Authoring SDK v1.0.0 via deserialization of untrusted data. Unauthenticated attackers can execute code remotely. Restrict access & monitor endpoints until patched. https://radar.offseq.com/threat/cve-2026-21531-cwe-502-deserialization-of-untruste-4a5578f9 #OffSeq #Azure #Security