Critical Command Execution Vulnerability in WeChat Linux Client (QVD-2026-7687)

Vulnerability Overview

Name: WeChat Linux version command execution vulnerability<br/> ID: QVD‑2026‑7687<br/> Public Disclosure: 2026‑02‑10<br/> Severity: High (CVSS 3.1 score 8.0)<br/> Threat Type: Command execution<br/> Exploit Likelihood: High

Impact Description

Attackers can lure a user to open a file with a malicious filename, causing the client to execute arbitrary commands and obtain system privileges. The vulnerability potentially affects millions of users.

Exploit Conditions

The only condition required is that the victim clicks a maliciously crafted file.

Affected Scope

Affected Component: WeChat Linux client<br/> Affected Versions: Linux version ≤ 4.1.0.13<br/> Other Affected Components: None

Reproduction Status

Security researchers at QiAnXin CERT have successfully reproduced the vulnerability. The PoC is publicly available, and a screenshot of the exploit is shown below.

Mitigation Recommendations

Update the client to the latest version that includes the security patch:

WeChat Linux version ≥ 4.1.0.16

Download URL: https://linux.weixin.qq.com/ Customers are advised to perform a self‑check and apply the update promptly due to the large impact scope.

Reference

Official security advisory and patch released by WeChat Linux team. Source: HACK之道.