Skip to content
logo The magazine for digital lifestyle and entertainment
A brand of Bild
CoBi Messenger News Security WhatsApp All topics
Apps and Windows Version Affected

Security Flaws in WhatsApp! Update Urgently Needed

Will WhatsApp Messages Soon Require a PIN to Send?
WhatsApp users should update the messenger immediately Photo: picture alliance / ZUMAPRESS.com
Share article

May 11, 2026, 1:34 pm | Read time: 3 minutes

Two newly discovered security vulnerabilities in WhatsApp could quickly become a risk in everyday life. Messages and attachments are particularly at the center of these weaknesses. Meta has already responded and provided updates. Users should immediately check if their app is up to date to avoid potential dangers.

WhatsApp is a part of daily life for many people, whether for personal communication or work. They often open content like photos, videos, or documents without much scrutiny. However, this approach can be problematic, as shown by two discovered security vulnerabilities. According to a report by the cybersecurity company Malwarebytes, these weaknesses mainly affect the handling of messages and attachments.

Both Apps and Windows Version Affected

One of the vulnerabilities affects the mobile versions of WhatsApp. On iPhones, WhatsApp and WhatsApp Business in versions before 25.15.70 are vulnerable, and on Android devices, versions before 2.26.15.69.

The vulnerability identified as CVE-2026-23866 is related to AI-generated rich-response messages in which Instagram Reels are embedded. Due to incomplete verification, a manipulated message could cause WhatsApp to load media content from an attacker-controlled internet address. For users, this means that seemingly harmless messages could load content from external sources in the background.

The second vulnerability affects WhatsApp for Windows in versions before 2.3000.1032164386.258709. It is identified under CVE-2026-23863. The cause is filenames with so-called NUL characters. These serve as placeholders in data streams and are usually ignored by the program.

However, in WhatsApp, such filenames were not processed correctly. As a result, an attachment could appear more harmless than it actually was. A file could, for example, look like a regular document but start as an executable file when opened. This increases the risk that users might open dangerous attachments because they initially appear inconspicuous in the app.

Also of interest: WhatsApp brings more order to the chat overview

WhatsApp Updates Close the Security Gaps

According to the security company, there is currently no evidence that fraudsters have actively exploited the vulnerabilities. Nevertheless, Meta has already responded and released the necessary updates.

Users should therefore update WhatsApp on all devices. On Android, this is done via the Google Play Store, and on the iPhone via the App Store. There, the respective app page can be opened, and an available update can be installed. For the Windows version, the installed version can be checked via the profile picture and the “Help and Feedback” section. If it is below the specified version number, the update should be carried out via the Microsoft Store.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.

You have successfully withdrawn your consent to the processing of personal data through tracking and advertising when using this website. You can now consent to data processing again or object to legitimate interests.