High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-23512
High
Low
Medium
High
Critical
8.6
CVSS Score
Published: Jan 14, 2026
Last Modified: Jan 14, 2026
Vulnerability Description
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows execution of a malicious notepad.exe placed in the application's installation directory, leading to arbitrary code execution.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
L
Attack Complexity
L
Privileges Required
N
User Interaction
R
Scope
C
Confidentiality
H
Integrity
H
Availability
H
Severity Details
8.6
out of 10.0
High
Key Information
- Published Date
- January 14, 2026
