Safety note-Notepad plus plus

06. February 2026

A current security message regarding Notepad++

Dear colleagues,

A serious security vulnerability has become known in the Windows text editor Notepad++: https://www.heise.de/news/Notepad-Updater-installierte-Malware-11109571.html and https://www.heise.de/news/Notepad-Updater-Uebernahme-durch-staatliche-Akteure-11162101.html

If Notepad++ is installed on the end devices and/or systems / servers / VMs used by you, a manual update to at least version v8.8.9 must be carried out.

The downloads are available via the product website https://notepad-plus-plus.org/downloads/.

https://nvd.nist.gov/vuln/detail/CVE-2025-56383
https://nvd.nist.gov/vuln/detail/CVE-2025-15556

This is to be implemented by 13 February 2026 at the latest.

With kind regards

The IKMZ team