Security experts have raised alarm over two critical vulnerabilities found in WhatsApp, urging all users to review their settings and update to the latest version of the application. Malwarebytes researchers highlighted the potential risks associated with these flaws, which could be exploited by cybercriminals for social engineering attacks or in combination with other security weaknesses.
The identified vulnerabilities, known as CVE-2026-23866 and CVE-2026-23863, were uncovered as part of Meta’s Bug Bounty program. While there have been no reported instances of these flaws being exploited in real-world scenarios, WhatsApp has issued a proactive update to address the issues and advises users to verify their settings for added security.
To safeguard against potential threats, users are advised to ensure that their WhatsApp app is fully updated on their devices. Android users can update via the Google Play Store by searching for WhatsApp Messenger and selecting “Update,” while iPhone users can update by accessing the App Store, locating WhatsApp in their profile, and choosing “Update.”
In a related development, WhatsApp is set to discontinue support for older Android devices running versions preceding Android 6 from September 8, 2026. Affected users may receive notifications indicating that WhatsApp will cease to function on their devices. However, the impact is expected to be minimal as Android 6 was released in 2015 and is no longer common on current smartphones.