CVE Tools

whatsapp

Communicationscommercial

17

Cumulative CVEs

4

Monthly snapshots

#65

Peak rank

Top products

whatsapp2 whatsapp business2

Latest CVEs

The 15 most recently published vulnerabilities affecting whatsapp.

CVE-2026-23866Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to tri...4.3May 1, 2026
CVE-2026-23863An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the...6.5May 1, 2026
CVE-2025-55179Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigge...5.4Nov 18, 2025
CVE-2025-55177Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allow...KEV5.4Aug 29, 2025
CVE-2025-30401A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename exte...6.7Apr 5, 2025
CVE-2023-38538A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low proba...5.0Oct 4, 2023
CVE-2023-38537A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpecte...5.6Oct 4, 2023
CVE-2022-27492An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.7.8Sep 23, 2022
CVE-2022-36934An integer overflow in WhatsApp could result in remote code execution in an established video call.9.8Sep 22, 2022
CVE-2020-20096Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.6.5Mar 23, 2022
CVE-2021-24043A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230....9.1Feb 2, 2022
CVE-2021-24042The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, Wha...9.8Jan 4, 2022
CVE-2021-24041A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malici...9.8Dec 7, 2021
CVE-2021-24035A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite ...9.1Jun 11, 2021
CVE-2021-24027A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to re...7.5Apr 6, 2021