Windows Notepad vulnerability: Markdown risk explained

This report describes CVE-2026-20841, a Notepad vulnerability where newly added Markdown support allowed specially crafted links to leverage Windows URI handlers and execute local commands or launch files. Microsoft released a patch, but systems that remain unpatched are vulnerable to phishing or local-file-based attacks; recommended mitigations include applying updates, enforcing application control, restricting write permissions, and user awareness training.