vulnerability
NotepadPlusPlus: Uncontrolled Search Path Element (CVE-2022-32168)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Sep 28, 2022 | Mar 17, 2023 | Apr 7, 2026 |
Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
Sep 28, 2022
Added
Mar 17, 2023
Modified
Apr 7, 2026
Description
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
Solution
notepadplusplus-upgrade
References
- CVE-2022-32168
- https://attackerkb.com/topics/CVE-2022-32168
- CWE-427
- EUVD-EUVD-2022-53398
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-53398
- https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e
- https://www.mend.io/vulnerability-database/CVE-2022-32168
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.