Meta

Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but requires no authentication and could allow an attacker with local access to compromise confidentiality, integrity, and availability of the affected system. The vulnerability was reported in March 2026 with a vendor patch deadline of July 2026. Security teams should monitor for patches from Meta and implement access controls to restrict local execution, as this threat primarily affects users who might be tricked into running malicious code on their machines.