Meta

Meta, the social media and technology conglomerate, has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction but requires no authentication, potentially allowing attackers to gain high-impact unauthorized access including data theft and system modification. The attack vector is entirely local-based, meaning an attacker must have physical or logical access to an affected system, though the relatively low complexity suggests it could be exploited straightforwardly once that access is obtained. Security teams should monitor for patches from Meta by the July 2026 deadline and assess whether any of their systems, devices, or services running vulnerable Meta software are exposed to local attack scenarios.