https://feed.craftedsignal.io/tags/uncontrolled-search-path/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 23 Mar 2026 14:00:00 +0000https://feed.craftedsignal.io/briefs/2026-03-notepad2-cve/Mon, 23 Mar 2026 14:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-notepad2-cve/CVE-2026-4545 describes a vulnerability in Flos Freeware Notepad2 4.2.25, where manipulating PROPSYS.dll leads to an uncontrolled search path, potentially allowing a local attacker to execute arbitrary code with elevated privileges.<p>A security flaw, identified as CVE-2026-4545, exists within Flos Freeware Notepad2 version 4.2.25. The vulnerability resides in an unspecified function within the PROPSYS.dll library, leading to an uncontrolled search path issue. Exploitation of this flaw requires local access and is considered to have a high degree of complexity, meaning a successful attack is difficult to execute. The vendor, Flos Freeware, was notified about this vulnerability, but has not responded. Successful exploitation…</p> highadvisorycveuncontrolled search pathprivilege escalation