Users of WhatsApp are advised to review their settings and ensure they have the latest version of the app installed due to two security vulnerabilities recently identified by security researchers. One vulnerability impacts how media files and attachments are managed, while the other affects WhatsApp for Windows users.
The experts at Malwarebytes cautioned that although these vulnerabilities do not automatically infect devices, they could potentially be exploited by cybercriminals to carry out social engineering attacks or combine them with other vulnerabilities to pose more serious threats.
Malwarebytes discovered the vulnerabilities, known as CVE-2026-23866 and CVE-2026-23863, through Meta’s Bug Bounty program.
Although there is currently no evidence of these flaws being used in real-world attacks or to infect phones, WhatsApp stated that they have not observed any exploitation in practice.
WhatsApp, owned by Meta, has released an update and strongly advises users to review their settings. To ensure protection, users should update WhatsApp to the latest version on their devices.
For Android users, updating WhatsApp can be done by accessing the Google Play Store, searching for WhatsApp Messenger, and selecting “Update.” iPhone users should open the App Store, tap their profile icon, locate WhatsApp, and choose “Update.”
Once the update is complete, devices will be safeguarded against potential future attacks.
Meanwhile, some older Android devices may soon lose access to WhatsApp entirely. WhatsApp plans to discontinue support for devices running versions older than Android 6 starting from September 8, 2026, as reported by WABetaInfo.
Impacted users may receive a message indicating that WhatsApp will no longer function on their device later in the year. However, most users are unlikely to be affected since Android 6 was introduced in 2015 and is now uncommon on modern smartphones.
