Meta

Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, allowing an attacker with local access to achieve complete confidentiality, integrity, and availability compromise. The vulnerability was reported in March 2026 with a patch deadline of July 2026. Security teams should monitor for a Meta advisory in the coming months and prioritize patching once available, particularly for systems where untrusted local users have access.