Auth bypass in Microrealestate
CVE-2026-57869
Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects Micr…
Vulnerability class: IDOR (Insecure Direct Object Reference)
Affected products
- Microrealestate — versions 0
Weakness classification (CWE)
References
- vdp@themissinglink.com.au (product)
- vdp@themissinglink.com.au (third-party-advisory)