Meta

Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing an attacker with local access to compromise confidentiality, integrity, and availability. The attack vector indicates this is not remotely exploitable and demands physical or local system access combined with user action to trigger the flaw. Security teams should monitor for patch releases between now and the July 2026 deadline and prioritize deployment once available, particularly for systems where local access by untrusted users is possible.