Security researchers have identified two software vulnerabilities in WhatsApp that users need to address immediately. One of the flaws impacts how media files and attachments are managed, while the other affects WhatsApp for Windows users. Although these vulnerabilities do not automatically infect devices, they could potentially be exploited by cybercriminals for social engineering attacks or in combination with other vulnerabilities.
The identified vulnerabilities, known as CVE-2026-23866 and CVE-2026-23863, were discovered through Meta’s Bug Bounty program. While there is currently no evidence of real-world attacks using these flaws to infect phones, WhatsApp has released an update as a precautionary measure, urging users to review their settings.
To safeguard against potential threats, users must ensure they have the latest version of WhatsApp installed on their devices. Android users can update the app by accessing the Google Play Store and selecting the update option for WhatsApp Messenger. iPhone users should go to the App Store, locate WhatsApp in their profile, and update the app accordingly. Once the update is complete, devices will be shielded from future security risks.
In related news, older Android devices may soon lose access to WhatsApp as the platform plans to discontinue support for devices running versions older than Android 6 starting September 8, 2026. Affected users may receive a notification indicating that WhatsApp will no longer function on their devices later in the year. However, this change is unlikely to impact most users, as Android 6 was released in 2015 and is now outdated on modern smartphones.