Meta

Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction to exploit but can result in complete system compromise including data theft and system disruption. The flaw is locally exploitable without authentication, meaning an attacker with local access can trick a user into triggering malicious code that grants them high-level access to confidential information, system integrity, and availability. Security teams should monitor for patches due by July 2, 2026, and watch for any exploitation attempts targeting local user sessions, particularly on Meta's client applications or services.