Meta

Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication, allowing an attacker with local access to compromise confidentiality, integrity, and availability of the affected system. The vulnerability was reported in March 2026 with a patch deadline of July 2026, giving the vendor approximately four months to develop and release a fix. Security teams should monitor for patch releases from Meta and assess their internal systems for this vulnerability once details become public, prioritizing systems where local user access is possible.