Medium severity6.5NVD Advisory· Published May 1, 2026· Updated May 11, 2026
CVE-2026-23863
CVE-2026-23863
Description
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of exploitation in the wild.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- www.facebook.com/security/advisories/cve-2026-23863nvdThird Party Advisory
- www.whatsapp.com/security/advisories/2026nvdVendor Advisory
News mentions
2- ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and MoreThe Hacker News · May 11, 2026
- WhatsApp Discloses File Spoofing, Arbitrary URL Scheme VulnerabilitiesSecurityWeek · May 5, 2026