Meta

Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing an attacker with local access to compromise confidentiality, integrity, and availability. The attack vector is local only, meaning the attacker must have some level of presence on the affected system, though privilege escalation is not required. Security teams should monitor for patches expected by June 2026 and watch for exploitation attempts targeting users who may inadvertently interact with malicious local content.