Meta

Meta, a major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires no authentication but does need user interaction to exploit, potentially allowing attackers with local access to compromise system confidentiality, integrity, and availability. The attack vector is local with low complexity, meaning an attacker on the same system could relatively easily execute this flaw through user action without needing special privileges. Security teams should monitor for patches from Meta by the July 24, 2026 deadline and prioritize testing this fix in environments where local user access is a concern.