24h | 7d | 30d

CVE-2026-20841

Overview

  • Microsoft
  • Windows Notepad
10 Feb 2026
Published
11 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.

Statistics

  • 21 Posts
  • 709 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
Les Orchard @lmorchard

"Windows Notepad App Remote Code Execution Vulnerability"

That's it: I'm going back to AppleWorks, on my Apple IIe.

msrc.microsoft.com/update-guid

  • 65
  • 100
  • 0
  • 8h ago
Profile picture fallback
Windy city @pheonix

They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things lmao.

Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭

msrc.microsoft.com/update-guid

#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology

  • 63
  • 43
  • 0
  • 1h ago
Profile picture fallback
LEGACv6 @legacv

someone earlier today said "RCE in Notepad" and i was like "haha funny" and then someone ELSE said RCE in Notepad and then i was like youve gotta be fucking kidding me

  • 56
  • 87
  • 0
  • 7h ago
Profile picture fallback
solo @solonovamax

CVE-2026-20841

  • 55
  • 63
  • 1
  • 8h ago
Profile picture fallback
marado @marado

"With AI, I can replace 20 software engineers with 1 'prompt engineer'"

A few months later: "plain text editor that was rewritten by AI to be more than that with RCE vulnerability".

(but congratulations to Microsoft for managing to put a remote execution vuln in something that should never have anything 'remote', like notepad)

  • 20
  • 32
  • 0
  • 5h ago
Profile picture fallback
David Gerard @davidgerard

RE: tech.lgbt/@solonovamax/1160491

cve.org/CVERecord?id=CVE-2026-

WHAT'S THE NETWORK ELEMENT in FUCKING NOTEPAD

WHAT BIT COULD IT BEEEEEEEE

edit: ahhh! the notepad thing might not be copilot. the bug is that a URL in a markdown file can actually be a sploit that runs stuff as the user. so this may not be an ai story. dammit.

  • 19
  • 30
  • 0
  • 7h ago
Profile picture fallback
Microsoft @microsoft

maybe the real remote code execution vulnerability in Windows Notepad was the friends we made along the way

  • 20
  • 4
  • 0
  • 7h ago
Profile picture fallback
TheWholeTruthXX 🎨 ❤️ 🍁 🛡️ @adwright

Microsoft Windows 11 enshitification continues with its screwing up what was a perfectly functional text file editor - Notepad - adding layers of garbage on it and congratulations, Notepad, yes, bleeding Notepad now has a code execution vulnerability on it.

cve.org/CVERecord?id=CVE-2026-

It's only the Windows 11 Notepad they've screwed up - anyone on any earlier version, which for safety's sake should only be online if it is Windows 10 with the Extended Service Updates (new one just today), is fine.

  • 7
  • 8
  • 0
  • 7h ago
Profile picture fallback
VessOnSecurity @bontchev

From the WTF department, sorry, I mean from Microsoft: an RCE in Notepad of all things. (Well, the new app with AI and stuff; not the old one.)

msrc.microsoft.com/update-guid

  • 6
  • 5
  • 0
  • 9h ago
Profile picture fallback
Dana Fried @tess

Microsoft: I have made Notepad✨

Security researchers: You fucked up a perfectly good plaintext editor is what you did. Look at it. It's got RCEs.

cve.org/CVERecord?id=CVE-2026-

  • 4
  • 10
  • 0
  • Last hour
Profile picture fallback
Philippe Lagadec @decalage

A vulnerability in Notepad 🤦‍♂️
msrc.microsoft.com/update-guid

  • 2
  • 3
  • 0
  • 11h ago
Profile picture fallback
Kevin Boyd (he/him) 🇨🇦 @kboyd

microsoft: we have made a new notepad.exe

everyone else: you f***ed up a perfectly good text editor, is what you did. look at it. it's got RCE.

cve.org/CVERecord?id=CVE-2026-

  • 1
  • 3
  • 0
  • 4h ago
Profile picture fallback
Dragoon Aethis @dragoonaethis

The year is 2026. Technology has progressed far. Too far, some would say, as they discover a RCE in fucking Notepad: msrc.microsoft.com/update-guid

  • 1
  • 2
  • 0
  • 10h ago
Profile picture fallback
Sandro :nixos: :verified_gay: @sandro

@m4rc3l CVE-2026-20841 #c3d2leaks

  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
Raymond Neilson @delta_vee

cve.org/CVERecord?id=CVE-2026-

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.

Notepad

over a network

  • 0
  • 0
  • 0
  • 7h ago
Profile picture fallback
AKK @AKK666

Kein Kommentar. Wäre nicht zitierfähig. Aber...
RCE im Notizblock?! Wie verstrahlt- uhm "vibed" ist das denn?!

msrc.microsoft.com/update-guid

  • 0
  • 0
  • 0
  • 7h ago
Profile picture fallback
rayslava @rayslava

Remember when Microslop announced new AI-features in Notepad?
Well… Just as expected, RCEs are part of them.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841

  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback
Stomata 🥼 @Stomata

What is it, Microsoft shited their pants again lol ​:neofox_laugh_tears:​
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Even this page didn't load properly ​:neofox_laugh_tears:​
#Microsoft #windows

  • 0
  • 0
  • 0
  • 1h ago
Profile picture fallback
Erpel @Erpel

@stefan@akko.lightnovel-dungeon.de @volpeon@icy.wyvern.rip Nope.

Here is the CVE
https://www.cve.org/CVERecord?id=CVE-2026-20841

  • 0
  • 0
  • 0
  • 1h ago

Bluesky

Profile picture fallback
Cyber Kendra @cyberkendra.com
🚨Windows Notepad security flaw (CVE-2026-20841) lets hackers execute code just by getting you to click a link. Microsoft fixed 58 bugs, including 6 ACTIVELY EXPLOITED zero-days. Patch NOW! 🔒 Read- www.cyberkendra.com/2026/02/new-...
  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-21643

Overview

  • Fortinet
  • FortiClientEMS
06 Feb 2026
Published
11 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.13%
KEV

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Statistics

  • 7 Posts
  • 1 Interaction
Last activity: 14 hours ago

Fediverse

Profile picture fallback
TechNadu @technadu

Fortinet’s CVE-2026-21643 highlights a persistent issue: management and control-plane components remain prime attack surfaces.

SQL injection leading to unauthenticated code execution reinforces the need for rapid patch cycles, continuous monitoring, and segmentation of security tooling.

Source: thehackernews.com/2026/02/fort

💬 How are you reducing blast radius for management infrastructure?

🔔 Follow @technadu for threat-focused security coverage

  • 0
  • 0
  • 0
  • 14h ago

Bluesky

Profile picture fallback
Calimeg @calimegai.bsky.social
#Fortinet corrige une faille SQLi critique (CVE-2026-21643, CVSS 9.1) dans #FortiClientEMS, risquant l'exécution de code sans authentification. Mettez à jour vite ! ⚠️ #CyberSecurity #Automatisation
  • 1
  • 0
  • 0
  • 21h ago
Profile picture fallback
Eyal Estrin ☁️ @eyalestrin.bsky.social
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution (CVE-2026-21643) #patchmanagement
  • 0
  • 0
  • 0
  • 23h ago
Profile picture fallback
PCI Guru @jbhall56.bsky.social
The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. thehackernews.com/2026/02/fort...
  • 0
  • 0
  • 1
  • 19h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
Fortinet’s Nightmare: How a Single SQL Injection Flaw (CVE-2026-21643) Can Let Hackers Hijack Your Entire Enterprise Security + Video Introduction: The discovery of CVE-2026-21643, a critical SQL Injection (SQLi) vulnerability in FortiClient Endpoint Management Server (EMS), sends a stark reminder…
  • 0
  • 0
  • 1
  • 19h ago

CVE-2026-24061

Overview

  • GNU
  • Inetutils
21 Jan 2026
Published
10 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
32.54%
KEV

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

  • 4 Posts
  • 40 Interactions
Last activity: 8 hours ago

Fediverse

Profile picture fallback
hrbrmstr 🇺🇦 🇬🇱 🇨🇦 @hrbrmstr

I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep inside…

The day the telnet died

On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing (telnet-wise) from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.

labs.greynoise.io/grimoire/202

  • 17
  • 21
  • 0
  • 11h ago
Profile picture fallback
Jim Nelson @jim

*Donning a tinfoil hat…*

"On January 14, 2026, at approximately 21:00 UTC, something changed in the internet’s plumbing. The GreyNoise Global Observation Grid recorded a sudden, sustained collapse in global telnet traffic…

"Six days later, on January 20, the security advisory for CVE-2026-24061 hit oss-security."

labs.greynoise.io/grimoire/202

#Linux #GNU #Security #TinFoilHat

  • 1
  • 1
  • 0
  • 8h ago
Profile picture fallback
Lobst3r (TWF1cm8gTS4=) @lobst3r838

Blue Team, heads up!
Della CVE-2026-24061 si è già parlato: ad ogni modo in lungo e in largo.
Qua la mia analisi.

blog.lobsec.com/2026/02/cve-20

  • 0
  • 0
  • 1
  • 17h ago

CVE-2026-1731

Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)
06 Feb 2026
Published
10 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.9)
EPSS
0.44%
KEV

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 6 Posts
  • 7 Interactions
Last activity: 4 hours ago

Fediverse

Profile picture fallback
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ Critical Pre-Auth RCE Vulnerability in BeyondTrust Remote Support & PRA Exposes Thousands of Instances (CVE-2026-1731)

darkwebinformer.com/critical-p

  • 3
  • 2
  • 0
  • 15h ago

Bluesky

Profile picture fallback
Stephen Fewer @stephenfewer.bsky.social
We just published our @rapid7.com analysis of CVE-2026-1731, a critical command injection affecting BeyondTrust Privileged Remote Access (PRA) & Remote Support (RS). Unauthenticated RCE, with a root cause due to Bash arithmetic evaluation. Analysis/PoC here: attackerkb.com/topics/jNMBc...
  • 1
  • 1
  • 0
  • 17h ago
Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
Critical unauthenticated RCE (CVE-2026-1731, CVSS 9.9) affects BeyondTrust RS and PRA; patches are available and many internet-accessible on-prem deployments are likely exposed.
  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
Zero‑Day to Full Takeover: Exploiting CVE‑2026‑1731 in BeyondTrust Remote Support for Unauthenticated RCE + Video Introduction: A critical zero-day vulnerability, designated CVE-2026-1731, has been publicly disclosed in BeyondTrust Remote Support software, enabling unauthenticated attackers to…
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
BeyondTrust Blaze: The 99-Rated RCE Inferno Consuming Your Privileged Access Fortress + Video Introduction: A cybersecurity storm is brewing for organizations relying on BeyondTrust for privileged access management. CVE-2026-1731, a pre-authentication remote code execution flaw with a near-maximum…
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
BeyondTrust Blunder: How a Single Command Injection Cracked Enterprise Security Wide Open + Video Introduction: A critical pre-authentication remote code execution (RCE) vulnerability, identified as CVE-2026-1731, has been disclosed in BeyondTrust's Remote Support and Privileged Remote Access…
  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-1281

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
16.41%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 3 Posts
  • 25 Interactions
Last activity: 13 hours ago

Fediverse

Profile picture fallback
GreyNoise @greynoise

83% of observed Ivanti EPMM exploitation (CVE-2026-1281) traces to one bulletproof IP that isn't on any published IOC list. The IPs that are? VPN exits with zero Ivanti activity. We broke down who's actually doing this ⬇️ greynoise.io/blog/active-ivant

  • 4
  • 4
  • 0
  • 13h ago

Bluesky

Profile picture fallback
The Shadowserver Foundation @shadowserver.bsky.social
Massive increase in sources attempting Ivanti EPMM CVE-2026-1281 exploitation, with over 28.3K source IPs seen on 2026-02-09. IP data on attackers shared in our www.shadowserver.org/what-we-do/n... (with vulnerability_id set to CVE-2026-1281). 20.4K IPs seen from US networks.
  • 4
  • 5
  • 0
  • 13h ago
Profile picture fallback
GreyNoise @greynoise.io
83% of observed Ivanti EPMM exploitation (CVE-2026-1281) traces to one bulletproof IP that isn't on any published IOC list. The IPs that are? VPN exits with zero Ivanti activity. We broke down who's actually doing this ⬇️ #Ivanti #ThreatIntel #CVE20261281 #InfoSec
  • 3
  • 5
  • 0
  • 13h ago

CVE-2026-1529

Overview

  • Red Hat
  • Red Hat build of Keycloak 26.2
  • rhbk/keycloak-operator-bundle
09 Feb 2026
Published
10 Feb 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access.

Statistics

  • 2 Posts
  • 6 Interactions
Last activity: 14 hours ago

Fediverse

Profile picture fallback
buherator @buherator
#Keycloak CVE-2026-1529: "lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access."

https://access.redhat.com/security/cve/cve-2026-1529

#JWT
  • 6
  • 0
  • 0
  • 14h ago

Bluesky

Profile picture fallback
buherator @buherator.bsky.social
#Keycloak CVE-2026-1529: "lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access." access.redhat.com -> #JWT Original->
  • 0
  • 0
  • 0
  • 14h ago

CVE-2025-26399

Overview

  • SolarWinds
  • Web Help Desk
23 Sep 2025
Published
24 Sep 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
12.86%
KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 12 hours ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Elastic~ Active exploitation of SolarWinds Web Help Desk (WHD) is leading to intrusions using RMM software for persistence and credential theft. - IOCs: files. catbox. moe, vdfccjpnedujhrzscjtq. supabase. co, CVE-2025-26399 - ...
  • 0
  • 1
  • 0
  • 12h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
The SolarWinds Siege: How a Single Help Desk Flaw Is Unleashing Havoc (And How to Stop It) + Video Introduction: A critical vulnerability in SolarWinds Web Help Desk (CVE-2025-26399) is under active, widespread exploitation, allowing threat actors to achieve remote code execution (RCE) and…
  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-20817

Overview

  • Microsoft
  • Windows Server 2022
13 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.06%
KEV

Description

Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

Statistics

  • 2 Posts
Last activity: 19 hours ago

Fediverse

Profile picture fallback
ekiledjian @edwardk

A newly documented Windows vulnerability, CVE-2026-20817, affects the Windows Error Reporting Service (WER), allowing local privilege escalation by enabling attackers to launch helper processes without proper authorization. Microsoft's mitigation involves disabling the vulnerable launch feature via a flag, and users are advised to patch promptly and monitor for suspicious process creation related to WerFault.exe or WerMgr.exe.
gbhackers.com/windows-error-re

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-20817: The Hidden Windows Error Reporting Flaw That Grants Attackers Admin Keys + Video Introduction: A critical local privilege escalation (LPE) vulnerability has been discovered in the Windows Error Reporting (WER) service, a core component for crash reporting and diagnostics.…
  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-1357

Overview

  • wpvividplugins
  • Migration, Backup, Staging – WPvivid Backup & Migration
11 Feb 2026
Published
11 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
Pending
KEV

Description

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.

Statistics

  • 2 Posts
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Wordfence @wordfence

A critical arbitrary file upload vulnerability (CVE-2026-1357, CVSS 9.8) was discovered in the WPvivid Backup & Migration plugin, which is installed on over 800,000 WordPress sites.

The flaw allows unauthenticated attackers to upload arbitrary files, potentially achieving remote code execution and full site takeover.

Update to version 0.9.124. Wordfence Premium users received firewall protection on January 22.

wordfence.com/blog/2026/02/800

#WordPress #WebSecurity #Wordfence

  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback
Offensive Sequence @offseq

🚨 CRITICAL: CVE-2026-1357 impacts WPvivid Backup & Migration (all versions). Unauthenticated file upload via directory traversal enables RCE. Disable plugin or restrict access immediately! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-0488

Overview

  • SAP_SE
  • SAP CRM and SAP S/4HANA (Scripting Editor)
10 Feb 2026
Published
11 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
0.04%
KEV

Description

An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability.

Statistics

  • 2 Posts
  • 5 Interactions
Last activity: 17 hours ago

Fediverse

Profile picture fallback
circl @circl

An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability.

vulnerability.circl.lu/vuln/cv

#sap #vulnerability #cybersecurity #cve

CVE-2026-0488

  • 2
  • 2
  • 0
  • 23h ago

Bluesky

Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
SAP released 27 security notes including two critical vulnerabilities (CVE-2026-0488 and CVE-2026-0509) enabling database compromise and unauthorized background remote function calls.
  • 1
  • 0
  • 0
  • 17h ago
Showing 1 to 10 of 46 CVEs