
"CVE-2026-23863 is a medium-impact attachment spoofing issue affecting WhatsApp for Windows prior to version 2.3000.1032164386.258709, allowing attackers to create maliciously formatted documents."
"CVE-2026-23866 affects WhatsApp for iOS and Android, where incomplete validation of AI rich response messages could allow attackers to trigger processing of media content from arbitrary URLs."
"Such custom URL scheme vulnerabilities may allow threat actors to redirect users to phishing sites and launch other apps and services on the device via URL schemes."
WhatsApp has released security advisories for two vulnerabilities patched earlier this year. The first, CVE-2026-23863, affects WhatsApp for Windows versions prior to 2.3000.1032164386.258709 and allows attackers to spoof attachments. The second, CVE-2026-23866, affects WhatsApp for iOS and Android, where incomplete validation of AI rich response messages could let attackers trigger processing of media content from arbitrary URLs, potentially redirecting users to phishing sites. Both vulnerabilities were disclosed through the Meta bug bounty program, with no evidence of exploitation reported.
Read at SecurityWeek