Skip to main content
ZDI-CAN-29081 HIGH 7.8 Overdue Feb 24, 2026

Meta

Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing an attacker with local access to compromise confidentiality, integrity, and availability. The attack vector is local only, meaning the attacker must have some level of presence on the affected system, though privilege escalation is not required. Security teams should monitor for patches expected by June 2026 and watch for exploitation attempts targeting users who may inadvertently interact with malicious local content.

Advisory Details
Researcher Anonymous
Reported February 24, 2026
Deadline June 24, 2026 23d overdue
CVSS Vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy