PatchSiren cyber security CVE debrief
CVE-2026-40809 Rara Themes CVE debrief
CVE-2026-40809 is a MEDIUM severity vulnerability in Metro Magazine, a WordPress theme developed by Rara Themes. This issue, published on June 16, 2026, allows Exploiting Incorrectly Configured Access Control Security Levels due to a Missing Authorization vulnerability. The vulnerability affects Metro Magazine versions from n/a through 1.4.1.
- Vendor
- Rara Themes
- Product
- Metro Magazine
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Metro Magazine, specifically those using versions from n/a through 1.4.1, should be aware of this vulnerability. As it has a CVSS score of 6.5 and is classified as MEDIUM severity, it is recommended to apply patches or mitigations as soon as possible.
Technical summary
The vulnerability, identified as CWE-862, is caused by a Missing Authorization issue in Metro Magazine. This allows for Exploiting Incorrectly Configured Access Control Security Levels. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the latest patch or update for Metro Magazine to version 1.4.1 or later.
- Review and configure access control security levels properly.
Evidence notes
The CVE was published and modified on June 16, 2026. The source of this information is the National Vulnerability Database (NVD) and Patchstack.
Official resources
-
CVE-2026-40809 CVE record
CVE.org
-
CVE-2026-40809 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-40809 was published on June 16, 2026, and has not been used in any known ransomware campaigns.