{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-01T23:46:14.592","vulnerabilities":[{"cve":{"id":"CVE-2026-5525","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-04-10T08:16:26.067","lastModified":"2026-06-17T10:59:09.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN)."}],"affected":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","affectedData":[{"vendor":"Notepad++ Project","product":"Notepad++","defaultStatus":"unaffected","versions":[{"version":"8.9.3","status":"affected"},{"version":"8.9.4","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-10T12:49:53.116510Z","id":"CVE-2026-5525","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:8.9.3:*:*:*:*:*:*:*","matchCriteriaId":"C8130B60-1945-4683-9267-16AE16685649"}]}]}],"references":[{"url":"https://github.com/notepad-plus-plus/notepad-plus-plus/commit/bfe7514d68bc559534c046c4ef2d1865267aa2b0","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","tags":["Patch"]},{"url":"https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","tags":["Exploit","Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"https://github.com/notepad-plus-plus/notepad-plus-plus/pull/17930","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17921","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Mitigation","Vendor Advisory"]}]}}]}