Meta

Meta, a major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing attackers with local access to compromise system confidentiality, integrity, and availability. The attack vector is limited to local access with low complexity, presenting significant risk to users on shared or compromised systems. Security teams should monitor for patches from Meta by the July 2026 deadline and assess whether their user base relies on Meta products in environments where local access threats are relevant.