Here's my CVE-2026-20841 PoC.

(Not really, but I have a feeling it's something that rhymes with this)

URL schemes in win 10 | Hexacorn

@tehfishman Did you get a warning before that opened?
@mttaggart Yeah, it pops up a "this might be dangerous" warning, so it's not zero interaction. Also cmd.exe works, but not powershell for some reason. I also can't quite figure out how to pass arguments though, but otherwise this is real close to powershell.exe -EncodedCommand <base64payload>
@mttaggart So powershell.exe was probably blocked for me because I was testing it on my regular workstation, which does have crowdstrike on it, and crowdstrike did have words to say about that. Namely "Process blocked".
@mttaggart Ya gotta wonder just how much effort it took Microslop to turn a text editor into a threat vector. I wish I could find a version of Intel’s aedit that would run on modern machines.

@mira Welp https://github.com/microsoft/edit

Also Helix is just fine on Windows!

@mttaggart Hmm, I just might have to check that out. Thank you