CVE-2026-25367
Awaiting Analysis
Awaiting Analysis - Queue
Missing Authorization in NooTheme CitiLights β€ 3.7.2 Allows Unauthorized Access
Publication date: 2026-02-19
Last updated on: 2026-02-19
Assigner: Patchstack
Description
Description
Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CitiLights: from n/a through < 3.7.2.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| noo_theme | citi_lights | to 3.7.2 (exc) |
| nootheme | citalights | to 3.7.2 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
