Users of WhatsApp are advised to review their settings and ensure they have the latest version of the application installed following the discovery of two potential security vulnerabilities. Security experts have identified flaws in how media files and attachments are managed, as well as a specific issue affecting Windows users of WhatsApp.
Although the vulnerabilities do not automatically lead to device infections, they could facilitate social engineering attacks by cybercriminals or be combined with other vulnerabilities to pose more severe threats. A malicious message could deceive a device into opening content from an untrusted source, as indicated by Malwarebytes experts.
These vulnerabilities, known as CVE-2026-23866 and CVE-2026-23863, were uncovered through Meta’s Bug Bounty program. There is currently no evidence of real-world exploitation or phone infections related to these flaws, with WhatsApp stating they have not observed any exploitation in practice.
Nonetheless, the Meta-owned company has released an update and strongly advises users to review their settings. To ensure protection, users should verify that WhatsApp is fully updated on their devices.
For Android users, updating WhatsApp involves accessing the Google Play Store, searching for WhatsApp Messenger, and selecting “Update.” iPhone users can update WhatsApp by opening the App Store, tapping on their profile icon, locating WhatsApp, and choosing “Update.”
After updating, phones will be safeguarded against potential future attacks. In related news, some older Android devices may lose access to WhatsApp soon, with support ending for devices running versions older than Android 6 from September 8, 2026, according to WABetaInfo. Affected users may receive a message stating that WhatsApp will cease to function on their devices.
While most individuals are unlikely to be affected, as Android 6 was released in 2015 and is now seldom used on modern smartphones, it is recommended to stay informed about these updates for device compatibility.