What is CVE-2026-23863?

CVE-2026-23863 is a medium-severity vulnerability in Facebook Whatsapp Desktop For Windows, classified under CWE-158. CVSS score: 6.5/10. Published 2026-05-01.

How severe is CVE-2026-23863?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Facebook Whatsapp Desktop For Windows

CVE-2026-23863

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run a…

EPSS: 0.000 (1.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N.

Affected products

Facebook Whatsapp Desktop For Windows — versions 2.3000.*.252500
Whatsapp

Weakness classification (CWE)

CWE-158

References

cve-assign@fb.com (x_refsource_CONFIRM, Third Party Advisory)
cve-assign@fb.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2026-23863?: CVE-2026-23863 is a medium-severity vulnerability in Facebook Whatsapp Desktop For Windows, classified under CWE-158. CVSS score: 6.5/10. Published 2026-05-01.
How severe is CVE-2026-23863?: Medium severity. CVSS v3 base score is 6.5 out of 10.