WhatsApp users are advised to review their settings and ensure they have the latest app version installed following the discovery of two critical software vulnerabilities. Security experts have identified issues related to how media files and attachments are managed, as well as a specific concern for Windows users of the messaging platform.
Although these vulnerabilities do not automatically compromise devices, they could potentially facilitate social engineering attacks by cybercriminals. Malwarebytes highlighted the risk of a malicious message tricking a device into opening content from an untrusted source.
The vulnerabilities, labeled as CVE-2026-23866 and CVE-2026-23863, were uncovered through Meta’s Bug Bounty program. While there is no evidence of real-world exploitation or phone infections so far, WhatsApp has released an update as a precautionary measure, urging users to review their settings and ensure their app is up to date.
To safeguard against potential risks, users are encouraged to update WhatsApp on their devices promptly. Android users can achieve this by accessing the Google Play Store, locating WhatsApp Messenger, and selecting “Update.” For iPhone users, updating WhatsApp can be done through the App Store by navigating to their profile icon, finding WhatsApp, and choosing “Update.”
By keeping their app version current, users can protect their devices from future threats. Additionally, a reminder has been issued that older Android devices may face WhatsApp access restrictions soon, with support ending for devices running versions older than Android 6 starting September 8, 2026. While impacted users may receive a notification about the impending incompatibility, the majority of users are unlikely to be affected, given the rarity of Android 6 on modern smartphones.