cbcvebase.

Facebook Whatsapp For Android vulnerabilities

23 known vulnerabilities affecting facebook/whatsapp_for_android.

Total CVEs
23
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL10HIGH8MEDIUM4LOW1

Vulnerabilities

Page 2 of 2
CVE-2026-23866P4MEDIUMCVSS 4.3≥ 2.25.8.0, < 2.26.7.102026-05-01
CVE-2026-23866 [MEDIUM] CWE-940 CVE-2026-23866: Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggering OS-controlled custom URL scheme handlers. We have no
nvd
CVE-2023-38538P4MEDIUMCVSS 5.0fixed in 2.23.10.772023-10-04
CVE-2023-38538 [MEDIUM] CWE-362 CVE-2023-38538: A race condition in an event subsystem led to a heap use-after-free issue in established audio/video A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
nvd
CVE-2020-1905P4LOWCVSS 3.3v2.20.185≥ unspecified, < 2.20.1852020-10-06
CVE-2020-1905 [LOW] CWE-340 CVE-2020-1905: Media ContentProvider URIs used for opening attachments in other apps were generated sequentially pr Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated.
nvd
Facebook Whatsapp For Android vulnerabilities | cvebase