HIGH 8.2 KEV Published on 2020-01-21

CVE-2019-18426

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.

CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

EPSS 61.0% percentile 98.3%

CISA Known Exploited Vulnerability

Added to KEV: 2022-05-23
Remediation deadline: 2022-06-13
Required action: Apply updates per vendor instructions.
Ransomware: No

Affected tracked apps

net.whatsapp.WhatsApp

1 open 1 exploited

Vulnerable CPE configurations

Vendor	Product	Platform	Versions	CPE 2.3 URI
whatsapp	whatsapp iOS	iOS	<2.20.10	cpe:2.3:a:whatsapp:whatsapp::::::iphone_os::*

View on NVD ↗ CISA KEV catalog ↗