Meta

Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing an attacker with local access to gain full control over confidentiality, integrity, and availability. The vulnerability is particularly concerning because it can be triggered through user interaction on a local system, making it exploitable in scenarios involving physical access or compromised devices. Security teams should monitor for exploitation attempts targeting Meta products and prepare patching strategies ahead of the July 2026 vendor deadline.