WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
The vulnerabilities were reported to Meta through its bug bounty program and were patched with updates released earlier this year. The post WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities appeared first on SecurityWeek.
Meta-owned WhatsApp has published two new security advisories describing vulnerabilities that were patched earlier this year in the popular messaging app.
One of the vulnerabilities is CVE-2026-23863, a medium-impact attachment spoofing issue affecting WhatsApp for Windows prior to version 2.3000.1032164386.258709.
An attacker could have exploited the flaw to create a maliciously formatted document with embedded NUL bytes in the file name. When sent as an attachment, the recipient would see it as a harmless file, but it would run as an executable when opened, WhatsApp’s advisory explains.
Source: https://www.securityweek.com/whatsapp-discloses-file-spoofing-arbitrary-url-scheme-vulnerabilities/
Related breach coverage
- Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server2026-05-05
The most severe of these security defects could allow remote attackers to execute arbitrary code. The post Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server appeared first on SecurityWeek.
- MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs2026-05-05
The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests. The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.
- Oracle Debuts Monthly Critical Security Patch Updates2026-05-06
Containing fixes for critical-severity vulnerabilities, the monthly rollouts will focus on addressing priority issues faster. The post Oracle Debuts Monthly Critical Security Patch Updates appeared first on SecurityWeek.
- Cisco Patches High-Severity Vulnerabilities in Enterprise Products2026-05-07
Successful exploitation of the flaws could lead to code execution, server-side request forgery attacks, and denial-of-service conditions. The post Cisco Patches High-Severity Vulnerabilities in Enterprise Products appeared first on SecurityWeek.