Meta has announced important security updates for WhatsApp, addressing two vulnerabilities that could compromise user devices. The first vulnerability, tracked as CVE-2026-23866, affects how WhatsApp processes AI-generated rich response messages containing Instagram Reels. This flaw allows specially crafted messages to load media from attacker-controlled URLs, potentially triggering harmful actions on users' devices. The second issue, CVE-2026-23863, pertains to WhatsApp for Windows, where maliciously formatted documents could appear as one file type but execute as another when opened. Meta has confirmed that there is currently no evidence of these vulnerabilities being exploited. Users are advised to update their apps on both Android and iOS to ensure their devices are secure. Updating WhatsApp is straightforward: Android users can do so via the Google Play Store, while iOS users can update through the App Store.