Meta

Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction to exploit but requires no authentication, potentially allowing attackers with local access to achieve full compromise of confidentiality, integrity, and availability. The vulnerability was reported in March 2026 with a patch deadline of July 2026, giving the vendor approximately four months to develop and release a fix. Security teams should monitor Meta's advisory channels closely in the coming months and prioritize patching once available, particularly for systems where local access is a realistic threat scenario.