Download
Features
CallingMessagingGroupsChannelsMeta AIStatusSecurityWhatsApp Plus
PrivacyBlogAppsHelp CenterFor Business
Log In
Download

WhatsApp Security Advisories

2026 Updates

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggering OS-controlled custom URL scheme handlers. We have not seen evidence of exploitation in the wild.

Acknowledgements: External Researcher via Meta Bug Bounty submission and Meta Security Team.

CVE-2026-23863

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of exploitation in the wild.

Acknowledgements: External Researcher via Meta Bug Bounty submission

Download
WhatsApp Main Logo
WhatsApp Main Logo
Download

What we do

  • Features
  • Blog
  • Security
  • For Business

Who we are

  • About us
  • Careers
  • Brand Center
  • Privacy

Use WhatsApp

  • Android
  • iPhone
  • Mac/PC
  • WhatsApp Web

Need help?

  • Contact Us
  • Help Center
  • Apps
  • Security Advisories
Download

2026 © WhatsApp LLC

Terms & Privacy PolicySitemap