A vulnerability identified as problematic has been detected in notepad-plus-plus Notepad++ up to 8.9.6.4 . Affected is an unknown function of the file NppCommands.cpp . Performing a manipulation results in time-of-check time-of-use. This vulnerability is cataloged as CVE-2026-52885 . It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.