Meta

Meta, the social media and technology conglomerate behind Facebook, Instagram, and other platforms, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing an attacker with local access to compromise confidentiality, integrity, and availability of the affected system. The attack vector is limited to local access with low complexity, meaning an attacker on the same machine could trigger the vulnerability through user interaction to gain significant system control. Security teams should monitor for exploitation attempts targeting Meta products and be prepared to patch by the July 2026 vendor deadline once a fix becomes available.