CVE-2026-23863_CVE-2026-23863

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C

Description

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of exploitation in the wild.

Basic Information

ID CVE-2026-23863

Source Meta

Published May 1, 2026 at 16:01

Modified May 1, 2026 at 17:41

Affected Product

Vendor Facebook

Product WhatsApp Desktop for Windows

Version 2.3000.*.252500

Affected Versions Facebook WhatsApp Desktop for Windows 2.3000.*.252500

CWE Classification

CWE-158

References

{
    "lastseen": "",
    "description": "An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of exploitation in the wild.",
    "published": "2026-05-01T16:01:39.565Z",
    "modified": "2026-05-01T17:41:14.681Z",
    "type": "cve",
    "title": "CVE-2026-23863",
    "source": "Meta",
    "references": "https://www.facebook.com/security/advisories/cve-2026-23863\nhttps://www.whatsapp.com/security/advisories/2026",
    "id": "CVE-2026-23863",
    "bulletinFamily": "",
    "cwe": [
        "CWE-158"
    ],
    "cvelist": null,
    "sourceData": "Facebook WhatsApp Desktop for Windows 2.3000.*.252500",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WhatsApp Desktop for Windows",
    "version": "2.3000.*.252500",
    "vendor": "Facebook",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}