Users of WhatsApp are advised to review their settings and ensure they have the latest version of the app installed, following the discovery of two critical software vulnerabilities. Security experts have identified issues related to the handling of media files and attachments, as well as a specific vulnerability affecting Windows users of WhatsApp.
Malwarebytes experts have highlighted that although these vulnerabilities do not automatically infect devices, they could potentially be exploited by cybercriminals for social engineering attacks. These vulnerabilities, named CVE-2026-23866 and CVE-2026-23863, were uncovered through Meta’s Bug Bounty program.
There is currently no evidence of these vulnerabilities being exploited in real-world attacks. WhatsApp has stated that they have not observed any exploitation in practice. Nevertheless, an update has been issued by WhatsApp, urging users to verify their settings to stay protected.
To ensure security, users are advised to promptly update WhatsApp on their devices. Android users can update via the Google Play Store by locating WhatsApp Messenger and selecting “Update.” iPhone users should access the App Store, navigate to WhatsApp, and choose “Update.”
Following the update, devices will be safeguarded against potential threats. Meanwhile, WhatsApp has announced plans to discontinue support for older Android devices running versions earlier than Android 6, starting from September 8, 2026. Affected users may receive a message notifying them of this upcoming change.
Most users are unlikely to be impacted by this change, as Android 6 is an older version released in 2015 and is uncommon on modern smartphones.