WhatsApp fixes 2 vulnerabilities identified through Meta’s bug bounty program

Meta patches 2 WhatsApp flaws before any real-world exploitation is detected

In a recent security update, Meta Platforms has disclosed 2 vulnerabilities in WhatsApp, both of which have been fixed with no evidence of exploitation in the wild.

The advisory, published on May 1, highlights vulnerabilities tracked as CVE-2026-23863 and CVE-2026-23866. Both were rated medium severity under the Common Vulnerability Scoring System and were reported through WhatsApp’s long-running bug bounty program.

The update comes at a time when concerns around messaging security are rising, including incidents like SMS pumping attacks that can rapidly increase phone bills. This has led to growing interest in secure messaging platforms such as Signal and WhatsApp. Despite recent threats like phishing campaigns and spyware risks targeting users, Meta continues to strengthen its security framework.

A WhatsApp spokesperson said, “Both were promptly fixed, and we have not seen evidence of exploitation in the wild.” The company also added, “We continuously invest in hardening our systems and are grateful for the security research community’s help in keeping WhatsApp safe.”

The first vulnerability, CVE-2026-23863, affected WhatsApp for Windows versions prior to v2.3000.1032164386.258709. It involved an attachment spoofing issue where a malicious file could appear as one format but execute as another when opened, due to embedded NUL bytes in the filename. This issue was patched earlier this year.
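As an added illustration of the filename-spoofing class described above (example code, not WhatsApp's or the advisory's), here is a validator a receiving client could run over attachment metadata. It assumes the filename arrives as raw bytes and uses a small constructed magic-byte table in place of a real content sniffer:

```python
import os

# Constructed, deliberately minimal signature table for the demo (not exhaustive).
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
}


def _ext(name: str) -> str:
    return os.path.splitext(name)[1].lower()


def check_attachment(raw_name: bytes, head: bytes) -> dict:
    """Return a verdict for one attachment.

    raw_name: filename bytes exactly as carried in message metadata.
    head:     first bytes of the file body.
    """
    problems = []
    # 1. A NUL byte has no place in a filename. A UI rendering the full string
    #    and a NUL-terminated consumer (C-string semantics) see different names.
    shown = raw_name.decode("utf-8", "replace")
    acted = raw_name.split(b"\x00", 1)[0].decode("utf-8", "replace")
    if b"\x00" in raw_name:
        problems.append(
            f"embedded NUL: shown as {shown!r} ({_ext(shown)}), "
            f"acted on as {acted!r} ({_ext(acted)})"
        )
    # 2. Other control characters and path separators are equally suspect.
    if any(c < 0x20 for c in raw_name if c != 0) or b"/" in raw_name or b"\\" in raw_name:
        problems.append("control character or path separator in filename")
    # 3. The extension the user sees must agree with the body's magic bytes,
    #    otherwise the file "appears as one format" while being another.
    sig = MAGIC.get(_ext(shown))
    if sig is not None and not head.startswith(sig):
        problems.append(f"body does not match {_ext(shown)} signature")
    return {"ok": not problems, "shown": shown, "acted": acted, "problems": problems}
```

A client that logs the `problems` list on rejection gets a useful detection signal as well as a block.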

The second vulnerability, CVE-2026-23866, was patched in April. It impacted WhatsApp on both iOS (v2.25.8.0 – v2.26.7.22) and Android (v2.25.8.0 – v2.26.7.10). The flaw involved incomplete validation of AI-rich response messages for Instagram Reels, which could allow media content to be processed from an arbitrary URL, potentially triggering OS-level handlers on a user’s device.

Importantly, both vulnerabilities were identified before any real-world exploitation. The company has urged users to keep their apps updated to ensure continued protection.
