Meta

Meta, a major social media and technology company, has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction to exploit, but delivers significant impact across confidentiality, integrity, and authenticity when successful. The attack cannot be executed remotely and does not require authentication, meaning any local user could potentially trigger it through social engineering or physical access. Security teams should monitor for patches expected by July 2026 and assess their Meta product deployments for local privilege escalation or data theft risks in the interim.