CVE-2019-18426

CVE-2019-18426

Vendor Facebook

Product WhatsApp Desktop

Weakness CWE-79 · XSS

KEV Status Known Exploited

Published January 21, 2020

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

January 21, 2020 CVE published

October 21, 2025 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-18426 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2019-18426

Related vulnerabilities

Identifiers

CVE CVE-2019-18426

CWE CWE-79

Affected versions

Vendor Facebook

Product WhatsApp Desktop

Affected 0.3.9309

Vendor Facebook

Product WhatsApp Desktop

Affected ≥ unspecified and < 0.3.9309

01Description

02CISA Required Action

03Disclosure timeline

04References

05Related CVE