News Notepad++ path traversal bypass can execute commands without a prompt (CVE-2026-52884) June 12, 2026 / June 12, 2026 by Alex Mira | Leave a Comment A Notepad++ advisory (CVE-2026-52884) describes a path traversal bypass that can execute commands without the editor’s usual confirmation dialog. Attack paths involve tampering with shortcuts.xml or redirecting the settings directory. Patch status is unclear; monitor the advisory and handle configuration files with care. Read more » Configuration Files CVE-2026-52884 GitHub Security Advisory Notepad++ Path Traversal Windows security
News Claude Code CVE-2026-39861: symlink-assisted sandbox escape fixed May 13, 2026 / May 13, 2026 by Alex Mira | Leave a Comment A GitHub advisory for CVE-2026-39861 details a symlink-based sandbox escape in Claude Code, now fixed. A separate CVE in jotty.page (CVE-2026-42564) addresses an unauthenticated path traversal fixed in 1.22.0. Read more » Claude Code cve Path Traversal Sandbox Security advisory Symlink
