Hello,
We are seeing a possible false positive for CVE-2026-23863 in WhatsApp Desktop on Windows.
Wazuh version: 4.14.6
Windows version: Windows 11
Wazuh Vulnerability Detection reports:
Package: WhatsApp
Package version: 2.2625.101.0
PowerShell reports:
Get-AppxPackage *WhatsApp*
Name : 5319275A.WhatsAppDesktop
Version : 2.2625.101.0
However, the application itself shows:
WhatsApp > Help > About
Version:
2.3000.1043053164.262501
CVE:
CVE-2026-23863
According to the advisory, the vulnerability is fixed in:
2.3000.1032164386.258709.
Expected result:
The CVE should not be reported because the version shown by the application is newer than the patched version.
Actual result:
Wazuh still reports the CVE.
Has anyone observed a mismatch between MSIX/AppX package versions and WhatsApp internal build versions?
Thanks.