Meta

Meta, a major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing attackers with local access to compromise confidentiality, integrity, and availability. The vulnerability affects systems where an attacker can interact with the targeted machine directly, making it primarily a risk for devices that untrusted users can physically or locally access. Security teams should monitor for patches expected before the July 2026 deadline and assess exposure on shared or publicly accessible Meta-controlled systems.