Known Vulnerabilities for products from Whatsapp
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Whatsapp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39696 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-35589 json | Not Provided | 2026-04-14 | 2026-04-15 | |
| CVE-2026-34758 json | Not Provided | 2026-04-02 | 2026-04-03 | |
| CVE-2026-23866 json | Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and Whats... | Not Provided | 2026-05-01 | 2026-05-11 |
| CVE-2026-23863 json | An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously format... | Not Provided | 2026-05-01 | 2026-05-11 |
| CVE-2026-10264 json | Not Provided | 2026-06-01 | 2026-06-01 | |
| CVE-2025-39411 json | Not Provided | 2025-05-19 | 2026-04-23 | |
| CVE-2025-31056 json | Not Provided | 2025-05-23 | 2026-04-23 | |
| CVE-2025-25138 json | Not Provided | 2025-02-07 | 2026-04-23 | |
| CVE-2024-52489 json | Not Provided | 2024-12-02 | 2026-04-23 | |
| CVE-2023-38538 json | A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have re... | 5 - MEDIUM | 2023-10-04 | 2023-11-07 |
| CVE-2023-38537 json | A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming au... | 5.6 - MEDIUM | 2023-10-04 | 2023-11-07 |
| CVE-2022-36934 json | An integer overflow in WhatsApp could result in remote code execution in an established video call. | 9.8 - CRITICAL | 2022-09-22 | 2022-09-24 |
| CVE-2022-27492 json | An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. | 7.8 - HIGH | 2022-09-23 | 2022-09-23 |
| CVE-2021-24043 json | A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21... | 9.1 - CRITICAL | 2022-02-02 | 2022-02-07 |
| CVE-2021-24042 json | The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for i... | 9.8 - CRITICAL | 2022-01-04 | 2022-01-14 |
| CVE-2021-24041 json | A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.2... | 9.8 - CRITICAL | 2021-12-07 | 2021-12-08 |
| CVE-2021-24035 json | A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Andr... | 9.1 - CRITICAL | 2021-06-11 | 2021-06-21 |
| CVE-2021-24027 json | A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have al... | 7.5 - HIGH | 2021-04-06 | 2022-08-30 |
| CVE-2021-24026 json | A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsA... | 9.8 - CRITICAL | 2021-04-06 | 2021-04-15 |
Known software with vulnerabilities from Whatsapp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | - | ||
| Application | Whatsapp Business | 2.19.100 | |
| Application | Whatsapp Enterprise Client | - |