Possible CVE-2026-23863 false positive in WhatsApp Desktop

60 views
Skip to first unread message

José Santiago Pérez Fernández

unread,
Jul 13, 2026, 2:34:06 PM (6 days ago) Jul 13
to Wazuh | Mailing List
Hello,

We are seeing a possible false positive for CVE-2026-23863 in WhatsApp Desktop on Windows.

Wazuh version: 4.14.6
Windows version: Windows 11

Wazuh Vulnerability Detection reports:

Package: WhatsApp
Package version: 2.2625.101.0

PowerShell reports:

Get-AppxPackage *WhatsApp*

Name : 5319275A.WhatsAppDesktop
Version : 2.2625.101.0

However, the application itself shows:

WhatsApp > Help > About

Version:
2.3000.1043053164.262501

CVE:
CVE-2026-23863

According to the advisory, the vulnerability is fixed in:
2.3000.1032164386.258709.

Expected result:
The CVE should not be reported because the version shown by the application is newer than the patched version.

Actual result:
Wazuh still reports the CVE.

Has anyone observed a mismatch between MSIX/AppX package versions and WhatsApp internal build versions?

Thanks.

Olamilekan Abdullateef Ajani

unread,
Jul 13, 2026, 3:56:48 PM (6 days ago) Jul 13
to Wazuh | Mailing List
Hello

I am looking into this. I just reproduced this scenario, and I can confirm your query. The app version is quite different from what is being captured by syscollector.

I am investigating this internally and will let you know as soon as I have something.

Best regards,

José Santiago Pérez Fernández

unread,
Jul 13, 2026, 5:43:29 PM (6 days ago) Jul 13
to Wazuh | Mailing List, Olamilekan Abdullateef Ajani
Hello,

Thank you for reproducing and confirming the issue.

Please let me know if you need any additional information, logs, or screenshots from my environment.

Best regards,

From: 'Olamilekan Abdullateef Ajani' via Wazuh | Mailing List <wa...@googlegroups.com>
Sent: Monday, July 13, 2026 1:56 PM
To: Wazuh | Mailing List <wa...@googlegroups.com>
Subject: [EXTERNO] Re: Possible CVE-2026-23863 false positive in WhatsApp Desktop
 
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/1-ltuaeGEug/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/wazuh/897c2c05-bb2b-4ab4-9e4c-810b5fd5969cn%40googlegroups.com.
José Santiago Pérez Fernández
Ingeniero en Ciberseguridad / Security Engineer Manager
Teléfono: 55 5363 6248
spe...@canavconsultoria.com.mx
www.canavconsultoria.com.mx
 
Aviso de Confidencialidad – CANAV Consultoría:
Este correo electrónico y/o el material adjunto es para uso exclusivo de la persona o entidad a la que expresamente se le ha enviado, y puede contener información confidencial o material privilegiado de CANAV Consultoría. Si usted no es el destinatario legítimo del mismo, por favor repórtelo inmediatamente al remitente del correo y bórrelo. Cualquier revisión, retransmisión, difusión o cualquier otro uso de este correo, por personas o entidades distintas a las del destinatario legítimo, queda expresamente prohibido. Este correo electrónico no pretende ni debe ser considerado como constitutivo de ninguna relación legal, contractual o de otra índole similar con CANAV Consultoría.
Confidentiality Notice – CANAV Consultoría:
This email and/or any attached material is intended solely for the use of the individual or entity to whom it is expressly addressed and may contain confidential or privileged information from CANAV Consultoría. If you are not the intended recipient, please notify the sender immediately and delete this email. Any review, retransmission, dissemination, or any other use of this email by individuals or entities other than the intended recipient is strictly prohibited. This email does not constitute, nor should it be considered, the basis for any legal, contractual, or similar relationship with CANAV Consultoría.
Reply all
Reply to author
Forward
0 new messages