Meta

Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication, potentially allowing an attacker with local access to compromise confidentiality, integrity, and availability of affected systems. The vulnerability was reported in March 2026 with a vendor patch deadline of July 2026. Security teams should monitor for patches from Meta and implement local access controls while tracking exploitation attempts targeting this vulnerability once details are publicly disclosed.