Following recent findings by security researchers, WhatsApp users are advised to review their app settings and ensure they are running the latest version. Identified vulnerabilities in the messaging platform involve the handling of media files and attachments, as well as specific issues affecting Windows users.
Although the flaws do not currently lead to automatic device infections, they could potentially facilitate social engineering attacks by cybercriminals or be combined with other vulnerabilities to pose more severe threats. A malicious message could deceive a device into opening content from an untrusted source.
These vulnerabilities, labeled as CVE-2026-23866 and CVE-2026-23863, were uncovered through Meta’s Bug Bounty program. While there is no evidence of real-world exploitation or phone infections, WhatsApp stresses the importance of updating the app as a precautionary measure.
To safeguard against potential risks, users are strongly advised to ensure that WhatsApp is fully up-to-date on their devices. Android users can update the app via the Google Play Store by searching for WhatsApp Messenger and selecting “Update.” iPhone users should access the App Store, navigate to their profile icon, locate WhatsApp, and choose “Update.”
Once the update is complete, devices will be shielded from possible future attacks. Additionally, users are alerted that older Android devices may soon lose access to WhatsApp, with support planned to end for versions preceding Android 6 from September 8, 2026. Affected individuals may receive a notification stating that WhatsApp will no longer function on their device.
While this development may impact some users, it is anticipated to have minimal repercussions as Android 6, released in 2015, is now seldom used on contemporary smartphones.