Microsoft has fixed a security vulnerability in Notepad that could allow remote code execution attacks via malicious Markdown links.

The vulnerability, identified as CVE-2026-20841, could be exploited by tricking users into clicking a malicious link in a Markdown file opened in Notepad, which would launch unverified protocols and allow attackers to execute malicious files on a victim’s computer.

According to Microsoft, there is no evidence that the vulnerability has been exploited in the wild, and a fix has been issued.

Microsoft has fixed a serious security vulnerability affecting Markdown files in Notepad, which could have allowed attackers to trick users into clicking malicious links and executing remote code on their computers.

The vulnerability, identified as CVE-2026-20841, could be exploited by a bad actor who could create a malicious link inside a Markdown file opened in Notepad. If a user were to click the link, it would “launch unverified protocols,” allowing attackers to remotely load and execute malicious files on the victim’s computer, according to the patch notes. Microsoft says there is no evidence of attackers exploiting this vulnerability in the wild.

The fix for the Notepad flaw was issued by Microsoft in its Tuesday patch notes. With this update, users can now safely open Markdown files in Notepad without worrying about the risk of remote code execution attacks. The swift resolution of this issue highlights Microsoft‘s commitment to addressing security vulnerabilities and protecting its users from potential threats.