Security experts have identified two critical software vulnerabilities in WhatsApp that could expose users to cyber threats. The flaws, known as CVE-2026-23866 and CVE-2026-23863, were discovered as part of Meta’s Bug Bounty program. While there is no evidence of these vulnerabilities being exploited in real-world attacks, experts warn that they could be used by cybercriminals for social engineering attacks.
One of the vulnerabilities affects how media files and attachments are handled within the messaging service, while the other impacts WhatsApp users on Windows. Malwarebytes, a cybersecurity firm, emphasized that although these vulnerabilities do not automatically infect devices, they could be exploited in conjunction with other vulnerabilities to launch more serious attacks.
WhatsApp has urged users to update their app to the latest version to mitigate these risks. By keeping WhatsApp fully updated, users can safeguard their devices against potential security threats. Android users can update WhatsApp via the Google Play Store, while iPhone users can update through the App Store.
Moreover, starting September 8, 2026, WhatsApp is planning to discontinue support for older Android devices running versions prior to Android 6. Users of outdated devices may receive a notification warning that WhatsApp will no longer function on their phones. However, the impact is expected to be minimal as Android 6 is an outdated version seldom found on modern smartphones.
It is essential for users to stay vigilant and proactive in updating their apps to protect themselves from evolving cybersecurity risks.