A vulnerability categorized as critical has been discovered in notepad-plus-plus Notepad++ 8.9.6.1 . This impacts the function isInTrustedDirectory of the file RunDlg.cpp . Such manipulation leads to path equivalence: 'filename.' (trailing dot). This vulnerability is listed as CVE-2026-52884 . The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.