Amazing how Microsoft managed to turn *notepad* into a massive exploit problem:
> The modern Windows Notepad app (v11.x) contains a command injection flaw in its `notepad://` URI handler. Attackers can craft malicious links that, when clicked, force Notepad to execute system commands (like launching ransomware) alongside opening a file. Patch immediately via the Microsoft Store.
https://cvereports.com/reports/CVE-2026-20841
> The modern Windows Notepad app (v11.x) contains a command injection flaw in its `notepad://` URI handler. Attackers can craft malicious links that, when clicked, force Notepad to execute system commands (like launching ransomware) alongside opening a file. Patch immediately via the Microsoft Store.
https://cvereports.com/reports/CVE-2026-20841