CVE-2026-20841: Windows Notepad RCE Fixed in Microsoft’s February Patch Tuesday Release

Microsoft’s February 2026 Patch Tuesday addresses CVE-2026-20841, an 8.8-rated remote code execution vulnerability in the modern Windows Notepad (Store) app that can be exploited when a user opens a crafted Markdown (.md) file and clicks a malicious link; organizations should update Notepad to build 11.2510+ via the Microsoft Store, enable automatic app updates, and avoid opening or clicking links in untrusted Markdown files.