Meta

Meta, the social media and technology conglomerate behind Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing attackers with local access to compromise system confidentiality, integrity, and availability. The attack vector is local-only, meaning an attacker needs pre-existing access to the affected device, but the flaw requires minimal user interaction and could cause complete system compromise. Security teams should monitor for patches from Meta by the July 24, 2026 deadline and prioritize systems in environments where local access by untrusted users is possible.