CVE-2026-23863

Q: What is the severity of CVE-2026-23863?

The severity of CVE-2026-23863 is deemed high due to the potential for attachment spoofing in WhatsApp for Windows.

Q: How do I fix CVE-2026-23863?

To fix CVE-2026-23863, users should upgrade to WhatsApp for Windows version 2.3000.1032164386.258709 or later.

Q: What types of files are affected by CVE-2026-23863?

CVE-2026-23863 affects documents with maliciously formatted embedded NUL bytes in their filenames.

Q: Can CVE-2026-23863 lead to code execution?

Yes, CVE-2026-23863 can lead to code execution, as the spoofed attachment could run as an executable when opened.

Q: Which versions of WhatsApp for Windows are vulnerable to CVE-2026-23863?

WhatsApp for Windows versions prior to 2.3000.1032164386.258709 are vulnerable to CVE-2026-23863.

Published May 1, 2026

Updated

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of exploitation in the wild.

Affected Software

2 affected components

WhatsApp WhatsApp for Windows<2.3000.1032164386.258709

WhatsApp Whatsapp Windows<2.3000.1032164386.258709

Event History

May 1, 2026

CVE Published

via MITRE·04:01 PM

Data Sourced

via MITRE·04:01 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·04:16 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2026-23863?

The severity of CVE-2026-23863 is deemed high due to the potential for attachment spoofing in WhatsApp for Windows.

How do I fix CVE-2026-23863?

To fix CVE-2026-23863, users should upgrade to WhatsApp for Windows version 2.3000.1032164386.258709 or later.

What types of files are affected by CVE-2026-23863?

CVE-2026-23863 affects documents with maliciously formatted embedded NUL bytes in their filenames.

Can CVE-2026-23863 lead to code execution?

Yes, CVE-2026-23863 can lead to code execution, as the spoofed attachment could run as an executable when opened.

Which versions of WhatsApp for Windows are vulnerable to CVE-2026-23863?

WhatsApp for Windows versions prior to 2.3000.1032164386.258709 are vulnerable to CVE-2026-23863.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.