Meta

Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing an attacker with local access to gain complete control over confidentiality, integrity, and availability of an affected system. The vulnerability was reported in March 2026 with a July 2026 deadline for a vendor patch. Security teams should monitor for patches from Meta and implement strict local access controls while awaiting official remediation guidance.