Notepad's new Markdown powers served with a side of RCE

Microsoft recently added Markdown support to Notepad, but researchers found it can be exploited for remote code execution (RCE). Tracked as CVE-2026-20841, the vulnerability requires social engineering to trick users into opening a malicious Markdown file. Microsoft has patched the flaw, but it highlights the risks of adding new features to widely-used applications.