Meta

Meta, the social media and technology conglomerate, has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction to exploit, but delivers significant impact across confidentiality, integrity, and availability once successful. The flaw does not require authentication, meaning any user on an affected system could trigger it through social engineering or tricking someone into interacting with malicious content. Security teams should monitor for this advisory's publication and prepare patches for Meta products before the vendor deadline in July 2026, as the local attack vector makes it exploitable across Meta's device ecosystems.