CVE-2025-26944 describes a missing authorization vulnerability in Crocoblock JetPopup versions up to 2.0.11. The issue allows unauthorized network-based access to functionality that should be protected by ACLs, without requiring privileges or user interaction. The vulnerability is rated high severity with a CVSS 3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). No patch or official vendor advisory is currently available, and no known exploits have been observed. The product is not cloud-hosted, so remediation requires applying vendor patches once released.

Successful exploitation could allow an unauthenticated attacker to access sensitive functionality within JetPopup that should be restricted, potentially leading to high confidentiality impact. There is no indication of integrity or availability impact. No known exploits are reported, so active exploitation is not confirmed.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the affected JetPopup installation and monitor for unusual activity. Avoid exposing the vulnerable version to untrusted networks. Follow Crocoblock's official channels for updates and apply patches promptly once released.