Meta

Meta, a major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to execute, potentially allowing attackers with local access to compromise confidentiality, integrity, and availability of affected systems. The vulnerability was discovered by Mat Powell and reported in March 2026 with a July 2026 patch deadline. Security teams should monitor Meta's advisory channels closely for patch releases and prioritize updates for affected products, as this local attack vector could be exploited through user-initiated actions on compromised or shared systems.