Microsoft has patched a critical remote code execution (RCE) flaw in the Windows Notepad app, tracked as CVE-2026-20841, which could let attackers run malicious code on victims’ machines. Disclosed on February 10, 2026, Microsoft Patch Tuesday updates, the vulnerability stems from improper neutralization of special elements in commands (CWE-77: Command Injection) and carries a CVSS […] The post Windows Notepad Vulnerability Allows Attackers to Execute Malicious Code Remotely appeared first on Cyber Security News.