CVE-2026-23863

Medienbericht

EPSS 0.53%
Veröffentlicht 01.05.2026 16:16:29
Zuletzt bearbeitet 11.05.2026 19:59:52
Quelle cve-assign@fb.com
CVE-Watchlists
Login
Unerledigt
Login

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of exploitation in the wild.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

WhatsApp ≫ WhatsApp SwPlatformwindows Version < 2.3000.1032164386.258709

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.405

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve-assign@fb.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-158 Improper Neutralization of Null Byte or NUL Character

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

11.05.2026 16:03

https://www.facebook.com/security/advisories/cve-2026-23863

Third Party Advisory

https://www.whatsapp.com/security/advisories/2026

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-23863

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23863

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23863

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23863