Meta

Meta, a major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing attackers with local access to compromise system confidentiality, integrity, and availability. The vulnerability is accessible through the local attack vector with low complexity, making it relatively straightforward to exploit once an attacker gains system access. Security teams should monitor for patches when Meta releases a fix by the July 2026 deadline and assess whether this affects their organization's Meta products or services used in their environment.