WhatsApp users are advised to review their settings and ensure they have the latest app version installed following the confirmation of two software vulnerabilities. The security flaws impact the handling of media files and attachments, as well as Windows users of WhatsApp. While the vulnerabilities do not automatically infect devices, they could facilitate cybercriminals in executing social engineering attacks or combining them with other vulnerabilities for more severe threats, according to experts at Malwarebytes.
These vulnerabilities, known as CVE-2026-23866 and CVE-2026-23863, were identified through Meta’s Bug Bounty program. Although there is no evidence of real-world exploitation or phone infections, WhatsApp has released an update, urging users to check their settings for protection. Users are strongly advised to ensure their WhatsApp is fully updated on their devices.
To update WhatsApp on Android, users can visit the Google Play Store, search for WhatsApp Messenger, and tap “Update.” For iPhone users, they should open the App Store, tap their profile icon, scroll to WhatsApp, and select “Update.” Once the update is completed, devices will be secure from potential attacks.
In related news, older Android devices may soon lose access to WhatsApp as the messaging platform plans to discontinue support for devices running versions older than Android 6 from September 8, 2026, as reported by WABetaInfo. Affected users may receive a message indicating that WhatsApp will no longer function on their device later in the year. However, the impact is expected to be minimal, considering that Android 6 was released in 2015 and is no longer widely used on current smartphones.