Meta

Meta, a major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing attackers with local access to gain high-level control over confidentiality, integrity, and availability of affected systems. The vulnerability was reported in March 2026 with a patch deadline of July 2026, giving the vendor approximately four months to develop and release a fix. Security teams should monitor Meta's advisory channels closely for patches and consider restricting local access on systems running affected Meta products until updates are available.