CVE-2019-18426
high-risk
Published 2020-01-21
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
Do I need to act?
!
55.3% chance of exploitation in next 30 days
EPSS score — higher than 45% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.2/10
High
NETWORK
/ LOW complexity
Affected Vendors
References (5)
Vendor Advisory
https://www.facebook.com/security/advisories/cve-2019-18426
Vendor Advisory
https://www.facebook.com/security/advisories/cve-2019-18426
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-...
60
/ 100
high-risk
Severity
28/34 · Critical
Exploitability
25/34 · High
Exposure
7/34 · Low