{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3008", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "state": "PUBLISHED", "assignerShortName": "CSA", "dateReserved": "2026-02-23T05:15:46.334Z", "datePublished": "2026-04-27T06:04:22.186Z", "dateUpdated": "2026-04-27T13:29:42.232Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2026-04-27T09:31:19.627Z"}, "title": "Vulnerability in Notepad++", "affected": [{"vendor": "Notepad++", "product": "Notepad++", "versions": [{"status": "affected", "version": "8.9.3"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Successful exploitation of the\nstring injection vulnerability could allow an attacker to obtain memory address\ninformation or crash the application.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Successful exploitation of the\nstring injection vulnerability could allow an attacker to obtain memory address\ninformation or crash the application.</p>"}]}], "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-044/"}, {"url": "https://community.notepad-plus-plus.org/topic/27500/notepad-v8-9-4-release-candidate"}, {"url": "https://github.com/llgsjsm/cve-2026-3008"}, {"url": "https://llgsjsm.github.io/cve-2026-3008/"}, {"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17960"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}}], "solutions": [{"lang": "en", "value": "Users and administrators of the\naffected product version are advised to update to the latest version 8.9.4\nimmediately.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Users and administrators of the\naffected product version are advised to update to the latest version 8.9.4\nimmediately.</p>"}]}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-134", "lang": "en", "description": "CWE-134 Use of Externally-Controlled Format String"}]}], "references": [{"url": "https://github.com/llgsjsm/cve-2026-3008", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T13:09:36.243190Z", "id": "CVE-2026-3008", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:29:42.232Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3008", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T13:09:36.243190Z"}}}], "references": [{"url": "https://github.com/llgsjsm/cve-2026-3008", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:09:37.529Z"}}], "cna": {"title": "Vulnerability in Notepad++", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Notepad++", "product": "Notepad++", "versions": [{"status": "affected", "version": "8.9.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Users and administrators of the\naffected product version are advised to update to the latest version 8.9.4\nimmediately.", "supportingMedia": [{"type": "text/html", "value": "<p>Users and administrators of the\naffected product version are advised to update to the latest version 8.9.4\nimmediately.</p>", "base64": false}]}], "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-044/"}, {"url": "https://community.notepad-plus-plus.org/topic/27500/notepad-v8-9-4-release-candidate"}, {"url": "https://github.com/llgsjsm/cve-2026-3008"}, {"url": "https://llgsjsm.github.io/cve-2026-3008/"}, {"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17960"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Successful exploitation of the\nstring injection vulnerability could allow an attacker to obtain memory address\ninformation or crash the application.", "supportingMedia": [{"type": "text/html", "value": "<p>Successful exploitation of the\nstring injection vulnerability could allow an attacker to obtain memory address\ninformation or crash the application.</p>", "base64": false}]}], "providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2026-04-27T09:31:19.627Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3008", "state": "PUBLISHED", "dateUpdated": "2026-04-27T13:29:42.232Z", "dateReserved": "2026-02-23T05:15:46.334Z", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "datePublished": "2026-04-27T06:04:22.186Z", "assignerShortName": "CSA"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Successful exploitation of the\nstring injection vulnerability could allow an attacker to obtain memory address\ninformation or crash the application."}], "id": "CVE-2026-3008", "lastModified": "2026-04-27T18:57:20.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "type": "Secondary"}]}, "published": "2026-04-27T07:16:03.597", "references": [{"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "url": "https://community.notepad-plus-plus.org/topic/27500/notepad-v8-9-4-release-candidate"}, {"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "url": "https://github.com/llgsjsm/cve-2026-3008"}, {"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "url": "https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17960"}, {"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "url": "https://llgsjsm.github.io/cve-2026-3008/"}, {"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-044/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/llgsjsm/cve-2026-3008"}], "sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "8.9.3"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Notepad++", "source": "cna", "vendor": "Notepad++"}, "product": "notepad++", "vendor": "notepad++"}], "analysis": {"en": {"generated_at": "2026-04-28T04:46:23.047569+00:00", "value": {"mitigation_remediation": ["Update Notepad++ to version 8.9.4 or later, which contains the fix for the string injection flaw.", "If an immediate upgrade is not feasible, restrict the use of Notepad++ to non-sensitive contexts and monitor for unexpected crashes that may indicate exploitation attempts.", "Implement logging or alerts for sudden application terminations to detect potential exploitation in real time."], "summary": {"action": "Apply Patch", "impact": "Memory Address Disclosure or Denial of Service"}, "threat_synthesis": {"affected_systems": "Notepad++ is affected. Versions prior to the 8.9.4 release are vulnerable; the remediation advises updating to Notepad++ 8.9.4 or later.", "description_and_impact": "The vulnerability is a string injection flaw that permits an attacker to supply crafted strings that are treated as format specifiers. Successful exploitation can reveal memory address information, potentially facilitating further attacks, or cause the application to crash. The primary impact is a compromise of confidential memory data and a loss of application availability.", "risk_and_exploitability": "The CVSS score of 6.6 indicates moderate risk, and the EPSS score of < 1% shows a very low likelihood of exploitation in the wild. The attack does not appear to be listed in the CISA KEV catalog. Based on the description, the likely attack vector is local input manipulation, but it could also be triggered remotely if a trusted user can influence a string that is processed by the application. Further details on the attack path are not provided in the supplied data."}}}}, "created": "2026-04-27T18:41:59.085559+00:00", "updated": "2026-04-28T05:00:14.729664+00:00", "vendors": ["notepad++", "notepad++$PRODUCT$notepad++"]}