.png){kind=logo}
Meta has released a new security advisory confirming it has fixed two vulnerabilities found within WhatsApp. These flaws were discovered by independent researchers through the company’s bug bounty program. While the bugs were labeled as medium risk, Meta confirms there is no sign that hackers ever used them to attack users. Both issues are now patched, and users are urged to update their apps to stay safe.
The first issue, known as CVE-2026-23863, affected the Windows version of WhatsApp. This bug involved attachment spoofing, where a sneaky file could trick the app into showing a safe-looking document name. However, if a user opened it, the file could actually run as a dangerous program. This was possible because of how the app read certain hidden characters in filenames. Meta fixed this issue earlier this year for all Windows users on the latest version.
The second flaw, CVE-2026-23866, was found in the mobile apps for both Android and iOS. This bug was linked to how WhatsApp handled AI-rich responses for Instagram Reels. A person could have sent a message that forced another user's phone to open a web link or run a specific command without their permission. This mobile patch was rolled out in April to close the gap.
Meta thanked the security community for finding these problems before they became real threats. For fifteen years, the company has paid researchers to find bugs so they can fix them quietly. A WhatsApp spokesperson noted that they are always working to make their systems tougher against hackers.
To stay protected, experts say you should always turn on automatic updates. If your WhatsApp version is current, you are already protected from these specific threats. While no app is perfectly safe, moving from regular text messages to encrypted apps like WhatsApp or Signal is seen as a better choice for privacy.
Also Read: WhatsApp Adds In-App Prepaid Recharge Feature for Indian Users
These fixes show that even the most popular apps have hidden cracks. The fact that Meta found and closed these holes before hackers could use them is a big win for user privacy. It proves that paying outside experts to hunt for flaws works well. Users should take this as a clear reminder to update their apps immediately to keep their data locked away from prying eyes.
