Notepad CVE-2026-20841 Audit for N-central and N-sight

Notepad CVE-2026-20841 Vulnerability Audit (Windows Store AppX)

Added a detection script that audits the Windows Store version of Notepad (Microsoft.WindowsNotepad) across all user profiles on a device to identify versions vulnerable to CVE-2026-20841.

What it checks:

Enumerates user profiles on the endpoint
Queries installed AppX packages for Microsoft.WindowsNotepad
Detects vulnerable versions in the range:
11.0.0.0 through 11.2510.0.0 (inclusive)

Why it matters:

CVE-2026-20841 is a high severity remote code execution vulnerability (CVSS 8.8) affecting the Notepad app's Markdown rendering engine. This audit helps MSPs and IT teams quickly identify endpoints that may require remediation or further investigation.

Notes:

Detection only, no changes are made to the endpoint
Designed for use in monitoring, compliance checks, and proactive vulnerability response workflows

https://developer.n-able.com/n-central/recipes/notepad-cve-2026-20841-audit