The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning for WhatsApp users who access the platform on desktop computers. The agency, which functions under the ministry of electronics and information technology (MeitY), flagged the issue in an advisory published on April 9.

CERT-In said the vulnerability is caused by the way WhatsApp handles certain file types. “The vulnerability exists due to misconfiguration between the MIME type and file extension, leading to improper handling of attachment openings. An attacker could exploit this vulnerability by crafting malicious attachments which could execute arbitrary code when opened manually within WhatsApp,” the agency said.

This means attackers can send files that look harmless but are designed to harm the user’s system if opened in the WhatsApp Desktop app.

The issue affects users who have not updated their app to version 2.2450.6 or later. CERT-In has advised all users to install the latest version immediately to reduce the risk.

Users are also being urged to be cautious when opening files from unknown or untrusted sources, especially if the file name or type looks suspicious.

WhatsApp, owned by Meta, is used by over 400 million people in India. While the app offers end-to-end encryption, security issues on the desktop version can expose users to risks, especially those on Windows systems.