Notepad++ released a security advisory addressing three vulnerabilities, including two arbitrary code execution flaws, that could allow attackers to silently run malicious code on a victim’s machine. The most critical vulnerability among the three is CVE-2026-48778, which can lead to an arbitrary code execution issue via config.xml files.