CyberSec.Space Logo
Back to CVE Browser

CVE-2019-18426

Known Exploited (CISA KEV)HIGH
8.2
CVSS Severity Score
EPSS Score32.8510%
EPSS Percentile96.48th
PublishedJan 21, 2020
Last ModifiedOct 24, 2025

Vulnerability Description

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.

Affected Platforms (CPE)

πŸ“¦
Whatsapp

Whatsapp

< 0.3.9309
πŸ“¦
Whatsapp

Whatsapp

< 2.20.10

References & Advisories

πŸ”— http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html
πŸ”— https://www.facebook.com/security/advisories/cve-2019-18426
πŸ”— http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html
πŸ”— https://www.facebook.com/security/advisories/cve-2019-18426
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-18426

Related Vulnerabilities

CVE-2020-188910.0

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron ...

CVE-2018-63399.8

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed ...

CVE-2018-63499.8

When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-ba...

CVE-2018-206559.8

When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based ...