VYPR
Medium severity6.5NVD Advisory· Published May 1, 2026· Updated May 11, 2026

CVE-2026-23863

CVE-2026-23863

Description

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of exploitation in the wild.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Whatsapp/Whatsapp2 versions
    cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:windows:*:*+ 1 more
    • cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:windows:*:*range: <2.3000.1032164386.258709
    • (no CPE)range: <2.3000.1032164386.258709

Patches

Vulnerability mechanics

References

2

News mentions

2