Meta

Meta, a major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially compromising confidentiality, integrity, and availability of affected systems. The vulnerability can only be exploited locally by an unauthenticated attacker who tricks a user into executing malicious code, making it primarily a risk for devices where untrusted users have physical or local network access. Security teams should monitor for patches from Meta due July 24, 2026, and educate users about not executing suspicious files or content from untrusted sources until remediation is available.