Auth bypass in Microrealestate
CVE-2026-57870
Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3.
Vulnerability class: IDOR (Insecure Direct Object Reference)
Affected products
- Microrealestate — versions 0
Weakness classification (CWE)
References
- vdp@themissinglink.com.au (product)
- vdp@themissinglink.com.au (third-party-advisory)