Meta

Meta, the social media and technology conglomerate, has a local privilege escalation vulnerability (CVSS 7.8) that requires user interaction but no authentication to execute, potentially allowing attackers with local access to gain high-level control over confidentiality, integrity, and availability of affected systems. The vulnerability is limited to local attack vectors on individual machines, meaning an attacker must have physical or local network access to exploit it. Security teams should monitor for suspicious privilege escalation attempts and patch this issue before the July 2026 deadline, particularly for employees using Meta-related enterprise software or services.