Meta

Meta, the social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing attackers with local access to compromise confidentiality, integrity, and availability of affected systems. The vulnerability was reported in March 2026 with a vendor deadline of July 2026, giving Meta four months to develop and release a patch. Security teams should monitor for official Meta advisories and prioritize patching once available, particularly for systems where local user access is possible.