2026 · security vulnerability · consumer

Notepad Gets Markdown. Markdown Gets RCE.

CVE-2026-20841 allowed any attacker who could deliver a crafted Markdown file to achieve remote code execution on the victim's machine — silently, without a security prompt — by embedding file:// or ms-appinstaller:// URIs in Notepad's new Markdown preview. A user with administrative rights could have their system fully compromised by clicking a single link in a text file.

Root Cause

Microsoft added Markdown rendering to Notepad without auditing the full URI scheme surface that the renderer would resolve. The preview mode treated all clickable links as navigable, passing non-HTTP URIs directly to Windows ShellExecute — which launches executables and scripts — without the standard security confirmation dialogs that protect users from exactly this class of action.

Aftermath

Microsoft issued an emergency patch in the February 2026 Patch Tuesday update. Notepad 11.2510 and later display a warning dialog for any link using a protocol other than http:// or https://. The vulnerability renewed industry discussion about the risk of expanding feature surface in privileged, always-installed OS components, and the gap between 'renders correctly' and 'renders safely'.

The Incident

In late 2025, Microsoft shipped Markdown preview support in Windows 11 Notepad — a feature that had been requested by developers for years. The pitch was straightforward: open a .md file, toggle preview, see formatted output. Notepad, the 40-year-old plaintext utility that David Plummer's colleagues used to ship software documentation, was getting a modern rendering layer.

The rendering layer could click links.

CVE-2026-20841 was disclosed in early 2026 and patched the following month. The vulnerability: Notepad's Markdown preview passed any URI in a clickable link directly to Windows ShellExecute — the OS function that maps a URI to an action. ShellExecute knows what to do with http://. It also knows what to do with file://, ms-appinstaller://, ms-msdt://, and a dozen other protocol handlers that can silently launch executables, install software, or invoke remote scripts.

The attack surface was a text file. An attacker sent a victim a .md file. The victim opened it in Notepad. The victim clicked a link — possibly labeled "Click here to view the report" or "Download latest version." Notepad launched whatever the URI pointed to. No Windows security warning. No UAC prompt. Silent execution.

If the victim was running as a local administrator — which is still the default for most consumer Windows installations — the attacker had full system access.

The Pattern

This is the Trust Boundary Violation failure in its most avoidable form.

Notepad has been a zero-attack-surface application for four decades. It opens text. It displays text. It saves text. You cannot embed a script in a Notepad document the way you can in Word or Excel. This property — the total absence of active content — was not an accident. It was Notepad's entire security model. In an operating system with a long history of document-based exploits (Office macros, PDF exploits, HTA files), Notepad was the safe fallback. IT departments told users: if you're not sure about a file, open it in Notepad first.

The Markdown feature broke that model by adding a renderer that could resolve URIs. The renderer was audited for whether it displayed Markdown correctly. It was not audited for the full set of URI schemes that Windows would honor when the renderer passed a link to ShellExecute. The feature team added rendering capability. Nobody asked: what does ShellExecute do with a URI we don't recognize as web traffic?

The answer, on Windows 11, is: launch it. Because ShellExecute is a general-purpose shell dispatcher. It was built to do exactly that. The problem was not ShellExecute. The problem was that a renderer with no history of URI handling was now calling a function with unrestricted URI dispatch capability — and the two were connected without a trust boundary between them.

The Scope

file:// — launches local executables. An attacker with network access (shared drive, phishing attachment) can write a script and link to it.

ms-appinstaller:// — triggers the Windows App Installer with no UAC prompt if the package is signed or the policy allows it. Has been abused in separate malware campaigns.

ms-msdt:// — invokes the Microsoft Support Diagnostic Tool, the same protocol used in the Follina vulnerability (CVE-2022-30190) in 2022. Microsoft had already restricted this protocol following Follina, but the gap in Notepad's renderer demonstrated that URI scheme validation needs to happen at every new call site — not just at the one a previous exploit made visible.

Why It Matters

The Notepad Markdown RCE matters because of what Notepad represents in the Windows security mental model. It is the application users reach for when they don't trust a document enough to open it in a fully-featured editor. The security assumption was: Notepad is safe. The moment that assumption broke, the tool stopped being useful as a trust proxy.

The vulnerability is also a textbook case of feature surface expansion risk: every new capability added to a trusted, minimal OS component increases the attack surface by the full scope of that capability — not just the intended use case. Markdown previewing was intended to render headings and bold text. It incidentally rendered unmediated access to the Windows shell protocol dispatcher.

Microsoft reported no evidence of active in-the-wild exploitation of CVE-2026-20841 before the patch shipped — a meaningful distinction from the concurrent Notepad++ compromise, where Chinese state-sponsored actors did deliver malicious updates to real users. The Notepad vulnerability was a loaded gun; the Notepad++ attack was a fired one. Both happened within weeks of each other, in adjacent applications, and both originated from the same category of trust assumption: that the tools users rely on to inspect untrusted content are themselves safe.

The fix — a warning dialog for non-HTTP protocols — is correct, but it is a remediation, not a design. The design would have been allowlisting only http:// and https:// URIs in the renderer before shipping, and treating all other protocol handlers as out-of-scope by default. That decision costs one code review. The alternative cost Microsoft an emergency Patch Tuesday.
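The allowlist the paragraph above says should have shipped, and the "what does ShellExecute do with a URI we don't recognize" question from The Pattern, written out as an added example for this page. It is not Microsoft's code and does not reflect how Notepad's renderer is actually structured: a small C program pulls `[label](target)` links out of a constructed Markdown sample, extracts each target's scheme the way RFC 3986 defines it, and decides whether the renderer may open it silently (http and https only), must show a prompt first (any other scheme, which is the behaviour the patch added), or must not dispatch it at all (schemeless targets, which a shell would resolve as local paths). The sample document, the `classify_link` policy and the three-way `link_action` result are assumptions made for the example; the scanner is deliberately minimal and is not a CommonMark parser.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* What the renderer is allowed to do with a link target before anything reaches a
 * general-purpose dispatcher such as ShellExecute. Only LINK_OPEN is a silent action. */
typedef enum { LINK_OPEN, LINK_PROMPT, LINK_BLOCK } link_action;

/* Copy the URI scheme (RFC 3986: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) up to ':')
 * into out, lowercased. Returns false when the target has no scheme at all. */
static bool extract_scheme(const char *uri, char *out, size_t outlen) {
    while (*uri == ' ' || *uri == '\t') uri++;          /* ignore leading whitespace */
    if (!isalpha((unsigned char)*uri)) return false;      /* a scheme must start with a letter */
    size_t n = 0;
    for (const char *p = uri; *p; p++) {
        if (*p == ':') { out[n] = '\0'; return true; }
        if (!(isalnum((unsigned char)*p) || *p == '+' || *p == '-' || *p == '.')) return false;
        if (n + 1 >= outlen) return false;                /* absurdly long scheme: treat as none */
        out[n++] = (char)tolower((unsigned char)*p);
    }
    return false;                                         /* ran out of input before ':' */
}

/* Allowlist policy (an assumption of this example): web schemes open silently, every other
 * scheme (file, ms-appinstaller, ms-msdt, mailto, ...) is shown to the user first, and
 * schemeless targets are never dispatched because the shell would resolve them as paths. */
link_action classify_link(const char *uri) {
    char scheme[32];
    if (!extract_scheme(uri, scheme, sizeof scheme)) return LINK_BLOCK;
    if (strcmp(scheme, "http") == 0 || strcmp(scheme, "https") == 0) return LINK_OPEN;
    return LINK_PROMPT;
}

typedef struct {
    char label[64];     /* what the user sees in the preview */
    char target[256];   /* what would be handed to the dispatcher */
    link_action action;
} md_link;

/* Minimal scanner for inline links of the form [label](target). It ignores images,
 * reference-style links and nested brackets; enough to show that the visible label and
 * the dispatched target are unrelated strings. Returns the number of links found. */
size_t scan_markdown_links(const char *md, md_link *out, size_t max) {
    size_t count = 0;
    const char *p = md;
    while (count < max && (p = strchr(p, '[')) != NULL) {
        const char *close = strchr(p, ']');
        if (!close || close[1] != '(') { p++; continue; }
        const char *end = strchr(close + 2, ')');
        if (!end) break;
        size_t llen = (size_t)(close - p - 1);
        size_t tlen = (size_t)(end - close - 2);
        if (llen >= sizeof out->label)  llen = sizeof out->label - 1;
        if (tlen >= sizeof out->target) tlen = sizeof out->target - 1;
        memcpy(out[count].label, p + 1, llen);      out[count].label[llen] = '\0';
        memcpy(out[count].target, close + 2, tlen); out[count].target[tlen] = '\0';
        out[count].action = classify_link(out[count].target);
        count++;
        p = end + 1;
    }
    return count;
}

/* How many links in md would receive the given decision. */
size_t count_links_by_action(const char *md, link_action wanted) {
    md_link links[32];
    size_t n = scan_markdown_links(md, links, 32), hits = 0;
    for (size_t i = 0; i < n; i++)
        if (links[i].action == wanted) hits++;
    return hits;
}

/* Constructed sample document: a friendly label over a file:// target, one web link,
 * an ms-appinstaller: target, and a relative link. */
const char SAMPLE_MD[] =
    "# Quarterly report\n"
    "[Click here to view the report](file:///C:/share/report.cmd)\n"
    "See the [docs](https://example.com/docs) or "
    "[Download latest version](ms-appinstaller:?source=https://example.com/app.msix).\n"
    "Related: [notes](notes.md)\n";

int main(void) {
    static const char *names[] = { "open", "prompt", "block" };
    md_link links[32];
    size_t n = scan_markdown_links(SAMPLE_MD, links, 32);
    for (size_t i = 0; i < n; i++)
        printf("%-6s  label=\"%s\"  target=%s\n",
               names[links[i].action], links[i].label, links[i].target);
    return 0;
}
```

The check is cheap enough to sit at every call site that hands a string to a dispatcher, which is the point the ms-msdt:// paragraph makes: a scheme that was locked down after Follina is only as locked down as the newest code path that consults the list. The scanner also reports label and target separately; a user looking at the preview sees only the label, and nothing about "Click here to view the report" tells them the target is a script on a share.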

Notepad's security model was: it doesn't run code. The Markdown feature ran code. The conflict between those two facts is the entire vulnerability.

Techniques

uri scheme abuse · feature surface expansion · missing input validation · privilege escalation · trust boundary violation